Update on October 2020 Security Incident

Dear Campus Community,

Thanks to an amazing campus-wide effort and the help of every member of our community, the threat from the October security incident has been neutralized and our systems are once again safe and even more secure than in the past. We could not have done this without your support and patience. In addition to our gratitude, we wanted to share more information on the security incident so you have a more complete picture of the events and the campus’ actions in response.

In our October 6th communication, we noted that CSUSM user directory data (campus-related information, not personal information) had been accessed by an unauthorized user. We also shared that CSUSM would be conducting a forensic investigation. This investigation has been completed by an outside firm, and after a thorough, weeks-long analysis, the team of security experts did not detect or identify any data exfiltration beyond the basic user information noted in our original communication. We now know that encrypted passwords were taken for later offline decryption and use, but the campus’ actions should preclude any further unauthorized access related to this incident, even if the passwords are later successfully decrypted.

Other (non-CSU) campuses have also been facing very similar security incidents, which points to a pattern of attacks on higher education institutions.

Security Incident Recap   

On October 6, 2020, the campus shared information regarding unauthorized access to campus systems. A forensic security firm was brought in to assist, and it was determined that as early as September (2020), unknown actor(s) had gained unauthorized access to campus systems by using stolen credentials (usernames and passwords) of former student accounts. The unknown actor(s) then utilized various hacking tools to access campus systems and proceeded to steal encrypted passwords for later, offline decryption.

Campus IT staff took actions at the time to contain the unauthorized access, but, unknown to the university, the individual(s) continued to access Cougar Apps by using stolen credentials. On November 12th, campus IT staff were again alerted to unauthorized activities on Cougar Apps and immediately shut down the Cougar Apps system to stop further access and harm. Cougar Apps was brought back online on November 14th with the addition of Multi-Factor Authentication (Duo) for all users. The events and actions of November 12th are the last known unauthorized activities within the CSUSM environment.

Multi-Factor Authentication (Duo) and New Password Rules

In response to the compromised password protections and to avoid further improper access through the use of any stolen usernames and passwords, on November 13th CSUSM began a remediation plan that included two important steps:

  1. enrolling the campus community on Multi-Factor Authentication through the Duo App,
  2. changing the passwords of all campus users.

A large effort began to deploy Duo to all members of the campus community. To date, CSUSM has enrolled over 20,000 accounts in Duo, an extraordinary (and possibly record-breaking) effort.

In addition to Duo, on November 27th CSUSM implemented new security procedures and infrastructure that included the launch of new, more secure password rules (15–32-character passwords) and self-service password reset (SSPR) services.

The campus community was advised of the new password requirements on December 9th. Enforcement of password change requirements for faculty and staff began on January 5th, with student enforcement following on January 20th. As of the close of this security incident, almost 29,000 user accounts have changed their password and all other user accounts have been locked so they do not become future security threats. 

Thank you again for your support as we took the necessary steps to secure our campus systems and your information. We are fully aware of the impact these actions and changes may have had these past few months, and we again greatly appreciate your patience. 

This communication brings this security incident to a close. Any questions or concerns related to this matter should be directed to the Office of the Chief Information Officer at cio@csusm.edu.

 

We wish everyone all the best for a successful spring term.

 

Instructional & Information Technology Services

 

Related Technical Support Resources:

For general technical assistance, please visit IITSforyou.

For assistance with Duo, please visit https://Duohelp.csusm.edu/.

For assistance with your password, establishing the Self-Service Password Reset, or regaining access to your account, please visit http://password.csusm.edu/