Frequently Asked Questions Regarding Security Incident at the University of Connecticut School of Engineering

1. What occurred?

The School of Engineering’s staff discovered malicious software present on a number of servers that service the School’s technical infrastructure. Upon discovery, the School immediately notified the University’s Information Security Office (ISO) and began investigation and remediation. It became clear during the course of this preliminary assessment that there was unauthorized access to servers by an unknown person or persons. Further investigation was commenced as soon as it was clear that unauthorized access had occurred.

2. Has the incident been contained?

The School of Engineering and the ISO believe the incident to be contained at this time. All affected servers have been taken offline. All remaining servers are being continuously monitored for suspicious activity. The University is in the process of securing the services of an external digital forensics firm to assist in this investigation.

3. Who is impacted by this incident?

As of this time, we know that all School of Engineering faculty, staff, and students, as well as anyone in the university community who used the School’s Microsoft Lync service, are impacted by this incident. As more information becomes available, if others are impacted, we will update this document and notify those individuals.

4. Has any of my data been accessed as a result of this incident?

At this time there is no evidence that any data related to academics, administration, or research was accessed by the person or persons responsible for this incident. The investigation team is thoroughly inspecting all systems and all data sources for evidence of data access, modification, or deletion.

5. How is the investigation proceeding?

School of Engineering staff are working in collaboration with the ISO to expeditiously and thoroughly investigate this incident, and make any additional remediations where appropriate. An external digital forensics firm is being secured to support and assist with the ongoing investigation. The primary focus of the investigation team is to identify if any data associated with School of Engineering activities were inappropriately accessed, modified, or deleted. The team is working with appropriate parties to narrow down the scope of data that needs to be involved in the investigation. The teams are also working to determine how the incident took place.

6. Will we receive any additional information or update?

If it is concluded that a breach of sensitive data has occurred, all affected individuals will be notified directly in writing that they have been impacted, and notifying them of steps to take and options available to protect themselves from potential identity theft or similar concerns. As additional information becomes available it will be posted on the UConn Information Security Office’s website at http://security.uconn.edu/faq-engr/.