Iowa State University servers breached, made to mine Bitcoins

Iowa State University has revealed yesterday that five of its departmental servers on campus have been hacked, and that Social Security numbers of nearly 30,000 of its past and present students might have been stolen.

The good news is that while that data was contained on three of the compromised servers, there is no evidence that it has actually been accesses and/or exfiltrated.

The University’s IT staff believes that the servers were targeted not for the information they contained, but for their computing power – the attackers have apparently been using them to mine Bitcoins.

“The five compromised servers are network-attached storage devices made by Synology. Other Synology users have reported similar (bitcoin mining) attacks by criminals”, the University stated.

The IT team has thoroughly examined all information on the compromised servers, deleted files containing any personal student information, and then finally decommissioned, removed from the Internet and destroyed the servers.

“Other servers of the same type are no longer accessible through the internet, have received software updates to prevent hacking, and will be replaced as soon as possible,” they shared, adding that they will be ramping up their security efforts.

“We have notified law enforcement, and we are contacting and encouraging those whose Social Security numbers were on the compromised servers to monitor their financial reports,” said Senior Vice President and Provost Jonathan Wickert.

Potentially affected individuals will also be receiving one year of free credit monitoring services via AllClear.

Students whose SSNs might have been stolen include those who took a class in Computer science between 1995 and 2005; World languages and cultures in 2004, 2007, 2011-2012; and particular classes in Materials science and engineering in 2001.

University IDs of nearly 19,000 students have also been stored on the compromised servers, but that information is of no use to potential attackers. Nevertheless, they will also be directly notified of the breach.

In the meantime, the University is warning everyone to be wary of potential phishing emails that might receive in the wake of this revelation.