On May 29, NSU sent out a message via email and social media notifying the public of a network disruption. The university followed with an update on June 1 and announced that early on May 26, its IT team became aware of a cybersecurity incident and disabled the entire network "out of an abundance of caution" to begin investigating it.
At that time, NSU and its consultants said they had found "no evidence" that NSU data has been stolen.
However, on June 15, NSU notified its student, staff, and faculty that external security experts had confirmed some NSU data has been posted on the dark web, including images of personal identification data such as driver's licenses, passports, W-9 forms and Social Security numbers, as well as spreadsheets and letters.
The dark web is a facet of the internet not indexed by search engines. Much of the material could constitute privacy invasion, and many of the listings — almost 60 percent, according to experts — involve criminal activity. Legitimate chat rooms and games can also be found there for people who know where to find it.
NSU said its IT department is working diligently with federal law enforcement and cyber experts to further assess the extent of the data compromised, as well as next steps for its retrieval.
Officials recommended the NSU community monitor their personal data and guard against any attempts of identity theft. In accordance with state and federal regulations, NSU said individuals will be notified should it be determined that their protected information was accessed during this cyber incident.
LEARN MORE
A list of frequently asked questions and important security resources is available at www.nsuok.edu/ITsecurityresponse. NSU asked those who receive communications from people claiming to have their personal information, or who are otherwise suspicious, not to respond and to immediately report the incident to itsecurityresponse@nsuok.edu.
©2023 the Tahlequah Daily Press (Tahlequah, Okla.). Distributed by Tribune Content Agency, LLC.
