Call Our Service Center 402-472-7373 (Toll Free) M-F 8 a.m. – 5 p.m. CST
On May 23, 2012 the University of Nebraska experienced a breach of the Student Information System, which houses data for current and past students, faculty, staff, applicants and others. The questions and answers below contain more information about the incident, who was impacted and what steps should be taken by those impacted.
Is my personal information at risk?
To see what (if any) data the Nebraska Student Information System contains about you, click here. Choose your relationship to the University, enter your name, date of birth (and NUID if available) to check the database. You will then see a message stating whether or not you were found in the database and, if so, what information is present.
What can I do to protect myself?
Placing a Fraud Alert on your credit record indicates to anyone requesting your credit file that you suspect you may be a victim of fraud. When an attempt is made to open a new credit account or make a change to an existing account, the lender will take additional steps to verify that you actually authorized the request. If the lender cannot verify the request, it could be denied.
Each of the three credit services offers a free 90-day fraud alert service. Once you register with one agency, the other two will automatically be alerted.
Here are links to information for activating the free initial fraud alert protection for each agency:
The University of Nebraska has opened a toll-free service center for individuals potentially impacted by the recent breach of the Nebraska Student Information System. The number is 402-472-7373 and the center will be open Monday-Saturday from 8 a.m. – 5 p.m. CST. Current and past students, employees, applicants, parents or anyone who is concerned that he or she has information in the NeSIS can call. We also encourage you to submit questions via this website (see link in the upper-right hand corner).
Who is impacted?
The Nebraska Student Information System contains Social Security numbers, addresses, course grades, financial aid, housing and other information for current NU students, parents, employees, past students who attended the University since 1985 (UNL), 1986 (UNO), 1990 (UNK), 2004 (NCTA) or 2010 (UNMC), and applicants to the university’s four campuses and Nebraska’s three state colleges. It also contains personal and financial information for parents of students who applied for financial aid, as well as NU employees and prospective students who requested that their ACT scores be sent to the university in the past two years. Individuals with bank accounts associated with NeSIS were alerted soon after the breach and advised to monitor their accounts closely in the coming weeks and to report any suspicious activity to their financial institutions. Current and past students, employees and others also have been notified of the breach, and additional notifications are continuing as necessary.
The university is continuing to work with law enforcement to determine the exact nature of the breach and will communicate with those who may have been affected via email and/or personal letter. We also will provide updated information at http://nebraska.edu/security.
Yes. The security breach affects students, past students, and applicants of the university’s four campuses: UNL, UNO, UNK and UNMC, as well as the Nebraska College of Technical Agriculture. The breach also affects NU employees and parents of students who applied for financial aid.
The Nebraska Student Information System contains student records that were transferred from campus systems. The effective dates are as follows:
Personal information supplied by parents of students who applied for financial aid for the past three aid years is contained within the NeSIS. We are still working to determine which parents are affected and what information may have been accessible. We will update the http://nebraska.edu/security website with current information related to the breach, and we will notify additional individuals who may have been affected if necessary.
Some faculty and staff data is stored in the Nebraska Student Information System. However, we are still working to determine what information the person responsible for the breach could have accessed and whether that information was compromised. We’ll be updating the http://nebraska.edu/security website with current information related to the investigation and we will notify additional individuals who may have been affected if necessary.
I haven’t received a notification from the university stating that I have been impacted by the breach. Does that mean I don’t need to worry?
Not necessarily. At this time, we have communicated directly with individuals who have bank account information associated with the NeSIS and with all current students and employees, but we may communicate directly with additional people based on the findings of our investigation. In the meantime, we will update this website regularly with current information related to the breach. We also encourage any concerned individual to monitor their bank accounts closely over the next few weeks and report any suspicious activity to their financial institution.
I paid my tuition bill with a credit card. Do I need to be worried about my credit card number being impacted by the breach?
No. Credit card numbers are not stored in the Nebraska Student Information System, so this information was not compromised by the breach.
NeSIS is the electronic database that contains personal records for students, parents, employees, students who have graduated since 1985 and applicants of the university’s four campuses and Nebraska’s three state colleges. It manages nearly every aspect of the student experience, including admissions, housing and course registration. The system was implemented over a three-year period by a team of representatives from all campuses of the university and the state colleges. A steering committee representing all of these institutions oversees its operation, NeSIS has been in place for approximately two years. More information about NeSIS can be found here.
On May 23, 2012 at 10:00 P.M., a staff member of the Computing Services Network detected a security breach in the Nebraska Student Information System, indicating that an individual had gained access to the database. This was a skilled attack on our system that was discovered and shut down within hours of its discovery. Computing Services Network personnel were able to identify the IP addresses used in the attack and have worked with law enforcement officers to identify the person believed to be responsible, a UNL undergraduate student.
The University of Nebraska has a number of industry-standard information security controls in place to protect our information systems and sensitive data. The legal investigation into this week’s security breach is still in progress, so we cannot yet comment on the details of this particular incident. However, we are confident that the type of attack we experienced would have bypassed any encryption that was in place.
We take the protection of personal information of our students and past students very seriously, and we will continue to examine our overall security architecture, including data encryption solutions, to determine what further steps are required to ensure our systems and data are protected. We are partnering with a leading information security firm to assist us in this review and will make any necessary changes to our information security controls so that we are better protected in the future.