Contact: Maridith Geuder
STARKVILLE, Miss.--A process Mississippi State put into place over the summer to improve security of information stored on university computer systems is ensuring quick response if there's a need, President Robert H. "Doc" Foglesong said Tuesday [Dec. 19].
"We invested months in developing new processes and policies that allow us to respond quickly as issues are identified," he said, adding that MSU last week discovered its first information security breach since a new information security task force was formed.
"We found information containing personal data such as Social Security numbers and names posted to a Web site mistakenly believed to be secure," Foglesong explained. "When we learned that the site actually was publicly accessible, we took the server offline immediately and began an investigation."
As a precaution, Mississippi State began the process of notifying approximately 2,400 individuals that their personal data was on the server.
"We are keenly aware of the need to protect the private data required for an organization like ours to do business," Foglesong said. "It's for that reason that we went through a yearlong process of moving away from the use of Social Security numbers and assigning more than 20,000 students, faculty and staff unique nine-digit identifiers used only at MSU."
That process was completed last spring with the issuance of new identification cards to each student and employee.
In the recent incident, Foglesong said the posted information pre-dated the new ID system. In response to the incident, the university is offering to provide free credit monitoring to all affected individuals who were sent a notification letter. The service will be available for one year through a major national credit organization "because it's the right thing to do," he added.
MSU also has established a Web site about the specific incident and about identity protection in general at www.identityprotection.msstate.edu. Individuals wishing to see if they were affected by the incident are advised to click on the icon for "Dec. 6 Security Incident" and follow the links provided.
"In response to incidents like this one and the increasing number of Internet-enabled computer attacks, Mississippi State continually is modifying its systems and practices to enhance the security of sensitive information," Foglesong said. "We are committed to doing everything we can to maintain the privacy of personal information."
For more information about Mississippi State University, see http://www.msstate.edu/.