Over the weekend, the University at Buffalo, the largest school in the SUNY system, reported a data breach that affected thousands of UB faculty, staff and student computer accounts. Although there is little detailed information about the breach, UB is reporting that “the affected individuals’ login information was stolen when they visited a non-UB website and entered their university log-in information.”
“This incident is a sobering, real-world reminder to us all that the login credentials of faculty, staff and students are targets for organized crime and hackers,” says Christopher Croad, Syracuse University’s Information Security Officer. “These criminals use stolen NetIDs and passwords to harvest personally identifiable information from compromised accounts, or sell them on the ‘dark web’ for use in gaining access to academic assets such as library resources or educational discounts on software and services.”
As more Syracuse University services move to the cloud, it is getting more difficult to identify what is and is not an actual Syracuse University service. It’s best always to be cautious of any site that requires your Syracuse University log-in credentials, and never use those credentials to create an account on any non-Syracuse University system.
“The bad guys will try to ‘phish’ you into logging onto the websites they control through email, attachments and even phone calls,” says Croad. “Be vigilant! We’re all targets, and our best defense against threats is the knowledge, caution and awareness each of us exercises when online.”
If you’re unsure of a website’s validity, please reach out to the Information Technology Services Information Security Team at ITSecurity@listserv.syr.edu or the ITS Service Center at 315.443.2677 or help@syr.edu.
