(WUSA9) -- Thursday, the chair of the President's Task Force on Cybersecurity sent a letter to University of Maryland officials notifying them of a "cyber-intrusion" this past weekend. According to the official, the FBI determined that there was "no public release of any information and no damage to the institution, except for the release of personal data of one senior University official..."
See the entire letter below.
RELATED STORY: UMD extends credit protection after breach
March 20, 2014
Dear Vice Presidents, Deans, Directors and Department Chairs:
The University of Maryland learned of a cyber-intrusion into its network on the morning of Saturday, March 15, 2014. Within 36 hours, the FBI, U.S. Secret Service, and the University's Police Department, working with University's IT security staff, successfully mitigated the intrusion. We thank these organizations for their expeditious and effective actions.
The FBI has informed the University that the intrusion resulted in no public release of any information and no damage to the institution, except for the release of personal data of one senior University official, who has been notified. We are unable to comment further on the intrusion at this time. This matter is unrelated to the data breach of February 18, 2014.
As the investigation proceeded over the weekend, the University took the precautionary step of moving a number of University websites offline. These sites are in the process of being transferred to a different web hosting environment to provide additional levels of security. This strategy was already in place prior to the intrusion, and the move will be completed shortly.
The fight against cyber-attacks requires unrelenting effort. The President's Task Force on Cybersecurity formed a few weeks ago is actively working in these areas:
· Evaluating cybersecurity consulting firms that can assist in strengthening our intrusion prevention and conducting penetration testing.
· Identifying sensitive information in university databases to determine whether they are needed and how to better isolate them. All sensitive records in the breached database that are no longer required have been removed.
· Examining national cybersecurity policies, procedures and best practices to establish an appropriate balance between centralized security and broad access on University networks.
Concurrently, the University IT staff with the support of outside consultants are working almost non-stop to better protect the vast information systems in our networks that are accessible to students, faculty, staff, and others. In the past month, they have:
· Closed the pathways utilized in the February 18, 2014 breach and the recent intrusion.
· Changed passwords for all databases and applications.
· Conducted an initial audit to detect vulnerabilities in individual websites within web hosting environments.
· Accelerated plans to migrate web hosting to a more secure environment.
In the coming days and weeks, we will announce additional security measures. The University is investing the financial and personnel resources required to better protect the personal, financial, academic, and research information of all members of the University community.
Ann G. Wylie
Chair, President's Task Force on Cybersecurity
Interim Vice President and Chief Information Officer