Oregon State University announced Friday that 636 student records and family records of students containing personally identifiable information were potentially affected by a data privacy incident that occurred in early May.
An OSU employee’s e-mail account was hacked by individuals outside the university and used to send phishing e-mails across the nation. An investigation by OSU and forensics specialists found several documents in the inbox of the OSU employee’s e-mail account that had personal information of 636 students and family members of students.
“OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information,” said Steve Clark, the university’s vice president for university relations and marketing. “While we have no indication at this time that the personal information was seen or used, OSU has notified these students and family members of this incident. And we have offered information about support services that are available, including 12 months of credit monitoring services that the university will enable at no cost.”
Clark said OSU is reviewing the many protection procedures and IT systems the university uses to guard its information systems, e-mail accounts, and student and family records. “We will continue to monitor such efforts and systems, and take further steps to protect the university’s information technology and sensitive data,” he said.
The university has created a customer service call center in response to this incident. Students and family members seeking more information about this matter may call the center at 541-713-0400.