Clickability tracking pixel

NMSU Foundation Says Cyberattack Did Not Compromise Data

An investigation into a cyberattack targeting the nonprofit New Mexico State University Foundation earlier this summer found no evidence of data theft or misused personal information, the university has announced.

by Algernon D'Ammassa, Las Cruces Sun-News / August 5, 2020
Shutterstock

(TNS) — An investigation into a cyberattack targeting the nonprofit New Mexico State University Foundation earlier this summer found no evidence of data theft or misused personal information, the university announced last weekend. 

However, an additional data security incident, dating back to May, was reported by a company providing data services for the university.

After noting unusual network activity late in June, NMSU personnel contacted law enforcement and removed an unspecified number of devices from the network as a forensic investigation began. 

Financial institutions holding foundation funds reported no attempts at unauthorized access to the foundation's accounts or sensitive financial information. 

However, an earlier attack on the foundation's data was reported in July. 

That incident, said to have occurred in May, involved a ransomware attack reported by the Blackbaud company, which provides cloud-based database services. The university said in a news release that that incident "may have resulted in unauthorized access to certain information maintained by Blackbaud."

The foundation said its investigation confirmed that neither the affected devices nor the databases maintained by Blackbaud contained credit card or bank account data, personal identifying information or Social Security numbers.

In response to the incident, the foundation said it was beefing up its cybersecurity under a contract with an unnamed data security firm upon review of its security systems and policies, to include renewed training for employees and testing of compliance with security protocols.

Addressing donors, the foundation stated that it would not use email communications to obtain bank account or credit card numbers; to notify donors of a change of address for the foundation; or new instructions for wiring funds or stock transfers.

"The Foundation will accept credit card payments by phone or via a secure web portal and will communicate changes regarding address or financial instructions by mail that will be postmarked in Las Cruces," the foundation noted in its statement. 

It also warned donors who receive suspicious email messages purporting to be from NMSU or the NMSU Foundation, or are simply in doubt, to contact the foundation to verify authenticity rather than click links or respond with sensitive data. 

In 2019, two public school districts in Doña Ana County were hit with major ransomware attacks.

The Gadsden Independent School District was attacked twice by the Ryuk ransomware virus, requiring the district to "scrub" devices districtwide and rebuild its email system.

Meanwhile, the Las Cruces Public Schools spent much of the 2019-20 school year restoring devices and repairing systems after a similar attack in October.

©2020 the Las Cruces Sun-News, Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs