The university said it was looking into "recent suspicious network activity" related to MOVEit, an online file transfer system that was recently attacked by a Russian hacking group.
"We are currently conducting a detailed analysis to determine if any SIU personal information may have been acquired as a result of this incident," Wil Clark, chief information officer at Southern Illinois University-Carbondale, said in an email on Wednesday. "We will notify affected individuals as soon as we know the full scope and breadth of the incident and provide additional information and resources to help protect their personal information."
Clark thanked the campus community for its patience, and urged people to take precautions to protect their personal information.
"MOVEit" is a popular system for sending files securely, developed by the Massachusetts-based company Progress Software. SIU's information technology office has several training webpages that teach students, faculty and staff how to use the MOVEit software.
"Using MOVEit minimizes the likelihood that information could potentially be compromised," one page said.
Earlier this month, the CL0P ransomware syndicate began posting on its dark website lists of dozens of government agencies and business that it claimed to have breached by exploiting a vulnerability in the MOVEit software, including the University of Missouri system. The hackers have told victims they should negotiate a ransom or risk having sensitive stolen data dumped online.
UM officials confirmed last Friday that they were aware of CL0P's announcement and were investigating.
Though SIU so far has not been included on the current list, the university has been breached by CL0P before. In December 2020 and January 2021, the hackers stole patient data from the SIU School of Medicine in Carbondale and others by exploiting a flaw in file transfer software from the company Accellion. In that case, SIU provided complimentary identity theft protection services for people whose private information was exposed.
In recent weeks, state cybersecurity officials in Missouri and Illinois have said they are investigating potential impacts from the cyber attack, with Illinois' Department of Innovation and Technology warning that "a large number of individuals could be impacted."
Missouri's Office of Administration has said it would notify the public "as quickly as possible" once its investigation identified anyone who might have been impacted by the cyber attack.
Meanwhile, federal officials are offering a $10 million reward for information linking CL0P to a foreign government, the U.S. State Department's "Rewards for Justice" program announced in a tweet on Friday.
©2023 the St. Louis Post-Dispatch. Distributed by Tribune Content Agency, LLC.
