East Central University: Notice of Data Incident

East Central University is providing notice of a recent data incident that potentially compromised the security of some private information that ECU maintains. The information on this webpage intends to share what happened, what the University is doing in response to the incident, and what steps individuals can take to help protect against the misuse of their information.

Timeline of Communication

April 9, 2024  

last updated April 17, 2024

Notice of Data Incident

On February 16, 2024, East Central University experienced a directed attack from a cybercriminal group.  While the criminals were not successful in taking down ECU’s critical services, they were able to conduct a successful attack on a variety of campus computers. The criminal group attempted to attack ECU systems, steal data, encrypt ECU computers, and otherwise extort the campus.

Upon learning of the attack, ECU I.T. brought in a 3^rd-party cyber security response team to assist in stopping and recovering from the attack. The two teams immediately began working through incident response protocols to determine the scope of the attack, deploy countermeasures, gather forensic data, and gain visibility into the campus network/systems.  Additionally, ECU began resetting passwords, evaluating critical services, and implementing an incident response strategy.

ECU developed several internal communications strategies to determine the information impacted as well as address individual concerns. These methods included several direct emails plus open mandatory forums for employees and optional public forums for students to obtain additional details.  Additionally, a web page was created with more information and a list of FAQs, as well as a designated email and phone number for questions and concerns.

The scope and scale of the data involved on the servers attacked are still being investigated, but currently there has been no evidence that any information was taken.  However, this week, we determined that a number of individual names and Social Security numbers and financial information may have been accessible to the criminal group – while we have no confirmation that they were in fact accessed, much less taken, we are providing this notice while we continue to investigate.

ECU students, employees and the public can visit the ECU website for updates regarding the attack at https://www.ecok.edu/data-incident/ or email IT_updates@ecok.edu or call  580-559-5967.

Anyone concerned that their information may be affected should visit, www.identitytheft.gov. 

This notice will be updated as more information is obtained.

Thank you again for your continued support and understanding.

April 2, 2024

Dear ECU Family,

It has been approximately a month since our last communication regarding the data incident, and we want to provide you with a brief update and reiterate some important points.

As of now, we continue to review all information we receive regarding the incident and ways we can improve security going forward. However, we want to emphasize the importance of remaining vigilant and proactive in handling any information related to the incident and the affected servers.

Here are a couple of key reminders:

1. Exercise Diligence: It is crucial for everyone to remain vigilant regarding any information pertaining to the incident or the servers involved. If you come across any information that has not been previously addressed in our town hall meetings, please reach out to us immediately at IT_update@ecok.edu or contact your respective vice president.

2. Reporting Protocol: In the event that you receive any requests for information, questions, comments, or any other communication related to the incident, do not respond directly. Instead, promptly forward such requests to IT_updates@ecok.edu and inform your vice president.

Our investigation into the incident is ongoing, and we are committed to resolving the issues surrounding the cyber incident that occurred in February. Your cooperation and assistance are invaluable as we navigate through this process.

Thank you for your continued support and understanding.

March 4, 2024

Dear ECU Faculty and Staff,

Thank you to all who attended today's meeting. We acknowledge that you may have additional questions regarding the recent data incident. In an effort to streamline communication and address your concerns more efficiently, we have established a dedicated website featuring frequently asked questions.

Please direct all your inquiries to the following resources:
1.    Website: www.ecok.edu/data-incident
2.    Email: it_updates@ecok.edu
3.    Phone: 580-559-5967

The website will be continually updated as we receive more questions, ensuring you have access to the latest information. We encourage you to visit the site first, as it contains a list of frequently asked questions that may offer immediate answers to your queries. For any specific concerns or additional information, please feel free to contact us through the provided email address or phone number.

Your patience and understanding during this time are sincerely appreciated. We are committed to keeping you informed and addressing any concerns you may have. Thank you for your cooperation.
 

March 1, 2024

Dear ECU Faculty and Staff,

We have recently determined that an international cybercriminal group has attacked a number of ECU servers and encrypted the information on them. We are working with outside parties to determine precisely what happened to the information on those servers. We have also alerted the FBI and other law enforcement agencies.

While we have no confirmation at this time that any information was taken, we are notifying you out of an abundance of caution.

We are very sorry for this inconvenience and will provide you with additional information during one of the two mandatory in-person town hall meetings scheduled for Monday March 4th, at either 2 p.m. or 2:45 p.m. in the Estep Multimedia Center. We will be sending two meeting invites today, please plan to attend one of the meetings. 

We appreciate your patience as we continue to work to resolve these issues and protect the ECU community.
 

February 27, 2024

ECU Campus Community,

On Friday, February 16, 2024, ECU identified an issue impacting the ECU shared drives.  The ECU IT team is working with outside experts to guide us through the process of reviewing and assessing the cause and extent of the impact. Together, the teams are working around the clock to assess and prepare for the next steps.
 
What we do know is that the applications we use daily (Microsoft Office, Blackboard, Colleague, etc.) can be used as usual. During the assessment process, we will communicate all updates via IT_updates@ecok.edu, and we will create a page on the website to answer many of the frequently asked questions.

February 19, 2024

Dear Campus Community,

As a follow up about issues with our file servers, we are continuing to investigate the extent of the issues, and will provide updates once we have confirmation of the impact on the servers.  
 
We appreciate your patience as we work to resolve these issues. If you have any questions or issues with university technology, please direct them IT at helpdesk@ecok.edu or 580-559-5884.
 

February 16, 2024 

Good Morning – 

Please be aware that we have had an issue with the file server for several departmental file shares.

IT is aware of the issue and is working on it.

If anyone experiences any oddities or has questions related to unusual activity or messages on their workstation, please let the helpdesk know.

We will keep you apprised as more information becomes available.