IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

NMSU Foundation Says Cyberattack Did Not Compromise Data

An investigation into a cyberattack targeting the nonprofit New Mexico State University Foundation earlier this summer found no evidence of data theft or misused personal information, the university has announced.

(TNS) — An investigation into a cyberattack targeting the nonprofit New Mexico State University Foundation earlier this summer found no evidence of data theft or misused personal information, the university announced last weekend. 

However, an additional data security incident, dating back to May, was reported by a company providing data services for the university.

After noting unusual network activity late in June, NMSU personnel contacted law enforcement and removed an unspecified number of devices from the network as a forensic investigation began. 

Financial institutions holding foundation funds reported no attempts at unauthorized access to the foundation's accounts or sensitive financial information. 

However, an earlier attack on the foundation's data was reported in July. 

That incident, said to have occurred in May, involved a ransomware attack reported by the Blackbaud company, which provides cloud-based database services. The university said in a news release that that incident "may have resulted in unauthorized access to certain information maintained by Blackbaud."

The foundation said its investigation confirmed that neither the affected devices nor the databases maintained by Blackbaud contained credit card or bank account data, personal identifying information or Social Security numbers.

In response to the incident, the foundation said it was beefing up its cybersecurity under a contract with an unnamed data security firm upon review of its security systems and policies, to include renewed training for employees and testing of compliance with security protocols.

Addressing donors, the foundation stated that it would not use email communications to obtain bank account or credit card numbers; to notify donors of a change of address for the foundation; or new instructions for wiring funds or stock transfers.

"The Foundation will accept credit card payments by phone or via a secure web portal and will communicate changes regarding address or financial instructions by mail that will be postmarked in Las Cruces," the foundation noted in its statement. 

It also warned donors who receive suspicious email messages purporting to be from NMSU or the NMSU Foundation, or are simply in doubt, to contact the foundation to verify authenticity rather than click links or respond with sensitive data. 

In 2019, two public school districts in Doña Ana County were hit with major ransomware attacks.

The Gadsden Independent School District was attacked twice by the Ryuk ransomware virus, requiring the district to "scrub" devices districtwide and rebuild its email system.

Meanwhile, the Las Cruces Public Schools spent much of the 2019-20 school year restoring devices and repairing systems after a similar attack in October.

©2020 the Las Cruces Sun-News, Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.