Earlier this week, SecurityWeek reported that the University of Nebraska was investigating a cyber attack that resulted in a security breach of an information system that houses sensitive data on students and alumni dating back to 1985 that contains personal records for students, alumni and applicants of the university’s four campuses and could affect up to 650,000 individuals.
University of Nebraska officials now are saying they have identified a student who they believe was responsible for the security breach.
“We have seized computers and related equipment belonging to a UNL undergraduate student who we believe is involved in this incident,” said UNL Police Chief Owen Yardley. “They are currently in the hands of law enforcement and undergoing analysis.”
Yardley added that the individual was identified by University of Nebraska IT staff through the IP addresses used to access the system. “The forensics process can be very time-consuming,” he said.
The university has yet to name the individual, and said will not be released until an arrest is made.
“In order to assist with the criminal investigation, police asked the university not to release information about this security incident during the first 48 hours as work was done to verify the identity of the individual involved and necessary legal steps were taken to seize the property,” Yardley said.
Meanwhile, Joshua Mauk, the university’s information security officer, said that the university and law enforcement officers are currently analyzing how the breach occurred, and attempting to determine if, and what information may have been downloaded.