The University of Oregon was not affected by a cyberattack targeting student data and financial aid, according to UO spokesperson Zack Barnett. Colleges and universities have been attacked by an “active and ongoing exploitation” of the software more than 14,000 institutions worldwide use to manage student data and financial aid information, the U.S. Department of Education warned Wednesday.
“The UO was not affected because it is not using and has never used any of the versions of the software listed in the alert,” Barnett wrote in an email to the Emerald.
While UO was not affected, the Department of Education has identified 62 affected colleges and universities so far.
The cyberattack played on a known vulnerability of the Ellucian Banner software system, which schools use to manage student data like student profiles and grades, according to the product’s website.
But the software also manages more confidential information, like enrollment and financial aid. According to the Department of Education warning, at least 600 false student accounts were made at the attacked institutions within 24 hours. “Some of these accounts appear to be leveraged almost immediately for criminal activity,” the Department of Education warning states.
Ellucian released a patch for the vulnerability in May, so only older versions of the software were affected, Inside Higher Ed reported.
While UO was not affected by this breach, it is still beefing up security. UO will be introducing two-factor authentication and a new link protection service among other security improvements, according to Around the O.
Gloss