Earlier today, we received notification from EDUCAUSE that they experienced a security breach in early February. We immediately changed our domain administration passwords for miis.edu and middlebury.edu, as recommended by EDUCAUSE. In addition, we have verified that our domain details for miis.edu and middlebury.edu are okay.
Any Middlebury and Monterey users who have an EDUCAUSE account and/or profile should immediately reset their EDUCAUSE passwords and verify their account information at http://www.educause.edu.
PS. If you cannot reach the EDUCAUSE website right now, you might try again in a little while after the initial rush to action has subsided.
Please review the statement from EDUCAUSE below;
February 19, 2013 – Garth Jordan, Vice President, Operations, of EDUCAUSE, issued the following statement with regard to a recent breach of EDUCAUSE servers by an unauthorized third party.
“On February 5th, EDUCAUSE discovered that the server that maintains the .edu domain information and our member profile information was breached. The breach may have compromised .edu domain passwords and information contained in individual EDUCAUSE website profiles, including names, titles, e-mail addresses, usernames, and passwords. Based on our investigation to date, we do not believe the breach included access to credit card data, financial accounts, or other sensitive information.
“EDUCAUSE took immediate steps to contain this breach and we are working with Federal law enforcement, investigators, and security experts to make sure this incident is properly addressed. Additional security measures have been implemented to help prevent any future occurrences.
“As a precaution, we are proceeding as though all individual EDUCAUSE website profiles and all .edu domain holders might have been impacted. We have notified via email all .edu domain holders and all individuals with website profiles about the breach and requested that they change their passwords. All that is required from those impacted by this breach is a password re-set.
“The threat of a breach is a constant business concern; no organization is immune from these illegal and harmful activities. Therefore, our priority remains ensuring the security and privacy of our members, domain holders, and everyone who relies on our services.”
For help with EDUCAUSE website profile password changes, please contact EDUCAUSE Member Services at firstname.lastname@example.org or +1-303-449-4430.