Security Breach FAQ

Security Breach FAQ

What happened? What is the Nebraska Student Information System?
There was a security breach into the Nebraska Student Information System (NeSIS), the electronic database that contains personal records for students, alumni and applicants of the university’s four campuses. The NeSIS manages nearly every aspect of the student experience, including admissions, housing and course registration. It has been in place for approximately two years. More information about the NeSIS can be found here.

Who is affected by the breach?

Together with law enforcement and an external security services firm, the university is working to determine the extent of the breach and to what degree, if any, individuals’ personal information may have been compromised.

The Nebraska Student Information System contains Social Security numbers, addresses, course grades and other information for NU students, alumni and applicants. The university is advising individuals with bank accounts associated with the NeSIS to monitor their accounts closely in the coming weeks and to report any suspicious activity to their financial institutions.

The UNMC portion of NeSIS contains data on current students, applicants for terms starting with August 2010, and alumni beginning with December 2010 graduates. Financial data for applicants who applied for terms in 2010 and 2011 and who were not accepted is not stored in NeSIS.

Has my personal information been compromised? How will I be notified about this?

At this time, there is no clear evidence that any personal information was downloaded. However, the university is continuing to work with law enforcement to determine the exact nature of the breach and will communicate with those who may have been affected via email and/or personal letter. We also will provide updated information at http://nebraska.edu/security.

Does the breach affect students on all four campuses?

Yes. The security breach affects students, alumni, and applicants of the university’s four campuses: UNL, UNO, UNK and UNMC.

I am an alumnus of UNMC. Are my records affected?

The NeSIS contains personal records for alumni as far back as 1985. However, NeSIS contains UNMC data for only the following:

1) current students. Data for all previous degrees at UNMC is included for current students.

2) alumni (and those attending UNMC) from Fall 2010 forward have all of their UNMC associated data in NeSIS - including information from degrees obtained before 2010.

3) applicants (including those not accepted) for Fall 2010 and later. Financial data for applicants who are not accepted to UNMC is retained for no more than a year from the start of the term for which they applied.

A few scenarios exist, however, under which UNMC students or alumni before 2010 would have had information in the database that was accessed. 

UNMC students, applicants, and alumni from before 2010 (as described above) who previously attended UNL, UNO or UNK may have had data related to those institutions – but not their UNMC data --  in the system that was breached. In addition, the NeSIS database also contains records on UNMC students/alumni before 2010 whose primary assignment was on the Lincoln campus, including students in the College of Dentistry or College of Nursing Lincoln Division.

When and how did the incident(s) occur?

On May 23, 2012, a staff member of the Computing Services Network detected a security breach in the system indicating that an individual had gained access to the database. This was a sophisticated and skilled attack on our system that was discovered and shut down within hours of its discovery.

What actions did the university take?

1. The university took immediate action to revoke the unauthorized access.
2. The university took action to correct the breach and prevent further unauthorized access to individuals’ personal information.
3. The university notified law enforcement and is working with them to identify the individual(s) responsible.
4. The university has engaged a leading firm specializing in data breaches and forensic analysis to assist in the investigation. This will help the university identify limitations in the system and put new safeguards in place for the future.
5. The university has communicated with individuals with bank accounts associated with the NeSIS system and advised them on safeguarding their personal information.
6. The university has created a website where concerned individuals can submit questions and stay up-to-date on the most current information related to the breach and ongoing investigation.

Does the university have any indication that any person has suffered identity theft as a result of either of these incidents?

At this time, the university has no evidence or reports of identity theft connected to this incident. However, it is recommended that you review the identity theft materials posted for consumers on the Federal Trade Commission (FTC) website at http://www.ftc.gov/idtheft. This website provides detailed information to help you protect yourself from identity theft, and the steps to take if it occurs. If you notice suspicious activity, you should report it immediately to the university and to any financial institution involved. You should also contact the Federal Trade Commission at www.ftc.gov/idtheft, at 1-877-ID-THEFT (438-4338), or at 600 Pennsylvania Avenue, NW, Washington, DC 20580, and you may call your local law enforcement agency and file a police report of identity theft, keeping a copy of the police report

• TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
• Equifax: 1-888-766-0008; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
• Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, TX 75013
• Nebraska Attorney General's Office Identity Theft Repair Kit

I am a parent of a UNMC student. Is my information at risk?

Personal information for parents of students who applied for financial aid is contained within the NeSIS. We are still working to determine which parents are affected and what information may have been accessible. We will update the http://nebraska.edu/security website with current information related to the breach, and we will notify additional individuals who may have been affected if necessary.

Are university faculty and staff impacted?

Some faculty and staff data is stored in the Nebraska Student Information System. However, we are still working to determine what information the person responsible for the breach could have accessed and whether that information was compromised. At this time, there is no clear evidence that any personal information was downloaded. We’ll be updating the http://nebraska.edu/security website with current information related to the investigation and we will notify additional individuals who may have been affected if necessary.

Is there a local number I can call?

The University of Nebraska has opened a toll-free service center for individuals potentially impacted by the recent breach of the Nebraska Student Information System. The number is 888-215-4321 and the center will be open from 8 a.m. – 5 p.m.  Initially, the center will be open seven days per week; call volume will determine any changes in hours or days of operation. Current and past students, employees, applicants, parents or anyone who has questions or concerns can call for more information. UNMC students may contact Student Services at 402 559 4199. However, we encourage individuals to submit questions via http://nebraska.edu/nesis-security-comments.