MSSU victim of data breach, offering credit protection

Cyber attack triggered by phishing email

MSSU joins the ranks of Home Depot, Sony and even the federal government as a victim of a data breach.

“We’ve got until September 13th to sign up,” said MSSU theater instructor Ann Lile at her computer. She plans to take advantage of 24 months of complimentary credit monitoring after getting a letter about a data breach of university email.
Ann added, “Because if anything happens it will be flushed out and identified. And I think if anything does happen, the identity theft insurance really is comforting.” She’s grateful for MSSU communication about the issue and while worried, trusts the university will be there for employees.

The actual breach happened January 9th. The university said in a statement that it quickly got forensic investigators involved to stop the attack and notified the FBI cyber crimes task force and the Missouri attorney general. In that written statement officials said,
“Potentially impacted individuals were a limited number of employees, students and alumni. The investigation has not uncovered any evidence of actual misuse of personal information.” The complete statement appears at the end of this story.

At SNC Squared, we learned how such attacks work, how common they are and why they happen. “The attack on Missouri Southern is about money.”
SNC Squared CEO John Motazedi said it’s cyber warfare. Live maps showed trojan horse style emails being intercepted. Motazedi said, “Since midnight they’ve stopped 6.7 million.”
Several Southern employees opened those kinds of emails exposing names, addresses, birth dates and even social security numbers.
Motazedi said that, to the bad guys, this means, “I can, sell it again, sell it and again. Then after I’ve sold it to everybody, I can go back in and apply as you to get lines of credit, credit cards, loans and buy stuff.”
Motazedi says MSSU was likely targeted with a very authentic, official-looking email, but he says the best protection against identity theft is user education.
He explained, “My recommendation to anyone who ever gets a letter like this: Make sure you start monitoring your credit. Make sure you start monitoring your credit cards. Make sure you start monitoring your bank accounts.” Motazedi said this is important even after the two years of credit monitoring MSSU victims will get because the information is still out there and bad guys can wait to use it.
Lile said she already tracks all her accounts, along with being guarded at the computer. She said, “I don’t click on anything unless I know the person or I look it up in the directory. And if I don’t know it, I just go they’ll contact me if they really need me in another way.”
Motazedi said IT experts can create firewalls and install anti-virus software, but they can’t control what users click on and download. He suggests business owners limit those with administrative privileges so that other users don’t have rights to download software, which can limit trojan horse damage. He urges all to do more training about how to spot dangerous emails. Motazedi said to look for bad grammar, unexpected email and unusual requests.
MSSU would not tell us the cost of the two-year credit monitoring. But Motazedi said it would typically run about 300 dollars per user family.

University’s complete statement
Missouri Southern State University was the victim of a cybersecurity attack on January 9, 2019, triggered by a phishing email. The University responded quickly and engaged a leading forensic investigation firm to help stop the attack and provide subsequent investigation services. The University notified the Federal Bureau of Investigation Cyber Crime Task Force and the Missouri Attorney General’s Office about the incident. The University worked diligently to notify all impacted individuals once the results of external investigation had been completed. Notification letters were sent to only those constituents whose information could have been obtained through working documents in the exposed employees’ email accounts. Potentially impacted individuals were a limited number of employees, students and alumni. The investigation has not uncovered any evidence of actual misuse of personal information. Missouri Southern has offered all impacted individuals 24 months complimentary credit monitoring.