Northeastern State University data stolen, posted on dark web

By John Dobberstein, Editor

Northeastern State University said its external security team discovered personal data from the May security breach has been compromised.

The data includes images of personal identification data such as driver’s licenses, passports, W-9 forms and social security numbers, as well as spreadsheets and letters, the university said in a campus wide update.

Some of the information has been posted on the dark web, the consultants said.

The university’s IT team discovered the cyber attack early on May 26. NSU originally said it didn’t believe data had been compromised but the situation clearly changed over the past week.

“NSU IT is working diligently with federal law enforcement and cyber experts to further assess the extent of the data compromised, as well as next steps for its retrieval,” the university said in its email.

“We recommend the NSU community monitor their personal data and guard against any attempts of identity theft. In accordance with state and federal regulations, individuals will be notified should it be determined that their protected information was accessed during this cyber incident.”

NSU shared a list of frequently asked questions and important security resources is available at www.nsuok.edu/ITsecurityresponse.

Anyone affiliated with NSU receiving communications “from persons claiming to have your personal information,” or which are otherwise suspicious, should not respond, and immediately report the incident to itsecurityresponse@nsuok.edu.

For updates, subscribe to our free newsletter!