Ferris State University officials were alerted to an email-based phishing incident involving 21 faculty, staff and emeriti who provided their user ID and password to an unauthorized party as part of a criminal phishing scheme. The incident, which began Tuesday, Jan. 16, was detected and contained by university information technology staff during Jan. 17-19. The university quickly became aware of the incident and worked immediately with those individuals to change their passwords.
Since mid-January, the university IT security staff has done significant cyber forensics work to determine if any of the email files of the 21 individuals were accessed by the perpetrator. Multiple tests run on university systems and files showed no email files were accessed by unauthorized parties. During the due diligence review to determine if any confidential information was accessed, it was discovered that the employee email files included 34 Social Security numbers, five credit card numbers and five bank account numbers of individuals. Though the forensics work showed the employee email files were not accessed, viewed or downloaded, the university sent letters to the combined total of 44 individuals as a precautionary measure.
The university has invested in enterprise-class cyber security tools, policies, procedures and staff training to protect the campus community from cyber threats.
“Ferris understands the importance of the privacy and confidentiality of the information of its faculty, staff, retirees, students and prospective students, and we are committed to raising awareness, and further safeguarding our community against these types of cyber threats through additional education and training of our employees,” said Jake Martin, Ferris’ Chief Technology Officer.