Security Incident
Call Our Service Center 402-472-7373 (Toll Free) M-F 8 a.m. – 5 p.m. CST

On May 23, 2012 the University of Nebraska experienced a breach of the Student Information System, which houses data for current and past students, faculty, staff, applicants and others. The questions and answers below contain more information about the incident, who was impacted and what steps should be taken by those impacted.

Is my personal information at risk?

How do I know if I am impacted?

To see what (if any) data the Nebraska Student Information System contains about you, click here. Choose your relationship to the University, enter your name, date of birth (and NUID if available) to check the database. You will then see a message stating whether or not you were found in the database and, if so, what information is present.

What can I do to protect myself?

What is a Fraud Alert?

Placing a Fraud Alert on your credit record indicates to anyone requesting your credit file that you suspect you may be a victim of fraud. When an attempt is made to open a new credit account or make a change to an existing account, the lender will take additional steps to verify that you actually authorized the request. If the lender cannot verify the request, it could be denied.

How do I activate a Fraud Alert?

Each of the three credit services offers a free 90-day fraud alert service. Once you register with one agency, the other two will automatically be alerted.

Here are links to information for activating the free initial fraud alert protection for each agency:

Is there a local number I can call?

The University of Nebraska has opened a toll-free service center for individuals potentially impacted by the recent breach of the Nebraska Student Information System. The number is 402-472-7373 and the center will be open Monday-Saturday from 8 a.m. – 5 p.m. CST. Current and past students, employees, applicants, parents or anyone who is concerned that he or she has information in the NeSIS can call. We also encourage you to submit questions via this website (see link in the upper-right hand corner).

Who is impacted?

Who is affected by the breach?

The Nebraska Student Information System contains Social Security numbers, addresses, course grades, financial aid, housing and other information for current NU students, parents, employees, past students who attended the University since 1985 (UNL), 1986 (UNO), 1990 (UNK), 2004 (NCTA) or 2010 (UNMC), and applicants to the university’s four campuses and Nebraska’s three state colleges. It also contains personal and financial information for parents of students who applied for financial aid, as well as NU employees and prospective students who requested that their ACT scores be sent to the university in the past two years. Individuals with bank accounts associated with NeSIS were alerted soon after the breach and advised to monitor their accounts closely in the coming weeks and to report any suspicious activity to their financial institutions. Current and past students, employees and others also have been notified of the breach, and additional notifications are continuing as necessary.

Has my personal information been compromised? How will I be notified about this?

The university is continuing to work with law enforcement to determine the exact nature of the breach and will communicate with those who may have been affected via email and/or personal letter. We also will provide updated information at http://nebraska.edu/security.

Does the breach affect students on all four campuses?

Yes. The security breach affects students, past students, and applicants of the university’s four campuses: UNL, UNO, UNK and UNMC, as well as the Nebraska College of Technical Agriculture. The breach also affects NU employees and parents of students who applied for financial aid.

I am a past student of the university. Are my records affected?

The Nebraska Student Information System contains student records that were transferred from campus systems. The effective dates are as follows:
  • UNL Fall 1985+
  • UNO Spring 1986+
  • UNK Fall 1990+
  • NCTA Fall 2004+
  • UNMC Fall 2010+
Although we are still working to determine whether anyone’s personal information was compromised, there is potential that your records may have been affected if your enrollment at the university falls into this time period. If your enrollment stopped at the attending campus prior to the associated date listed above, then your information is not in the system. These are student records only.

I am a parent of an NU student. Is my information at risk?

Personal information supplied by parents of students who applied for financial aid for the past three aid years is contained within the NeSIS. We are still working to determine which parents are affected and what information may have been accessible. We will update the http://nebraska.edu/security website with current information related to the breach, and we will notify additional individuals who may have been affected if necessary.

Are university faculty and staff impacted?

Some faculty and staff data is stored in the Nebraska Student Information System. However, we are still working to determine what information the person responsible for the breach could have accessed and whether that information was compromised. We’ll be updating the http://nebraska.edu/security website with current information related to the investigation and we will notify additional individuals who may have been affected if necessary.

I haven’t received a notification from the university stating that I have been impacted by the breach. Does that mean I don’t need to worry?

Not necessarily. At this time, we have communicated directly with individuals who have bank account information associated with the NeSIS and with all current students and employees, but we may communicate directly with additional people based on the findings of our investigation. In the meantime, we will update this website regularly with current information related to the breach. We also encourage any concerned individual to monitor their bank accounts closely over the next few weeks and report any suspicious activity to their financial institution.

I paid my tuition bill with a credit card. Do I need to be worried about my credit card number being impacted by the breach?

No. Credit card numbers are not stored in the Nebraska Student Information System, so this information was not compromised by the breach.

What happened?

What is NeSIS?

NeSIS is the electronic database that contains personal records for students, parents, employees, students who have graduated since 1985 and applicants of the university’s four campuses and Nebraska’s three state colleges. It manages nearly every aspect of the student experience, including admissions, housing and course registration. The system was implemented over a three-year period by a team of representatives from all campuses of the university and the state colleges. A steering committee representing all of these institutions oversees its operation. NeSIS has been in place for approximately two years. More information about NeSIS can be found here.

How did the breach occur?

On May 23, 2012 at 10:00 P.M., a staff member of the Computing Services Network detected a security breach in the Nebraska Student Information System, indicating that an individual had gained access to the database. This was a skilled attack on our system that was discovered and shut down within hours of its discovery. Computing Services Network personnel were able to identify the IP addresses used in the attack and have worked with law enforcement officers to identify the person believed to be responsible, a UNL undergraduate student.

Is the data in the NeSIS encrypted?

The University of Nebraska has a number of industry-standard information security controls in place to protect our information systems and sensitive data. The legal investigation into this week’s security breach is still in progress, so we cannot yet comment on the details of this particular incident. However, we are confident that the type of attack we experienced would have bypassed any encryption that was in place.

We take the protection of personal information of our students and past students very seriously, and we will continue to examine our overall security architecture, including data encryption solutions, to determine what further steps are required to ensure our systems and data are protected. We are partnering with a leading information security firm to assist us in this review and will make any necessary changes to our information security controls so that we are better protected in the future.

What actions has the university taken?

  • The university took immediate action to revoke the unauthorized access.
  • The university took action to correct the breach and prevent further unauthorized access to individuals’ personal information.
  • The university notified law enforcement and, by identifying the IP addresses used to access the system, identified the individual believed responsible. On Wednesday night, May 30, the University announced that they have seized computers and other equipment of a UNL undergraduate student and are conducting forensic analysis of the computers.
  • The university has engaged a leading firm specializing in data breaches and forensic analysis to assist in the investigation. This will help the university identify limitations in the system and put new safeguards in place for the future.
  • The university has communicated directly with individuals with bank accounts associated with the NeSIS system, as well as employees and students, and advised them on safeguarding their personal information.
  • The university has created a website where concerned individuals can submit questions and stay up-to-date on the most current information related to the breach and ongoing investigation.
University of Nebraska 3835 Holdrege Street, Lincoln, Nebraska 68583 | 402.472.2111
© 2014 University of Nebraska Board of Regents