This message is to inform you of a serious network security incident which was discovered last week and may have exposed personal information to an Internet hacker. We are currently in the process of notifying members of the MSU community; a copy of the user notice is included below. Tom Davis, Director Academic Computing and Network Services ======================================================================= To: "MSU Community Members" <[log in to unmask]> From: "Vice Provost Gift and Library Director Haka" <[log in to unmask]> Subject: Notice regarding possible exposure of personal information 1 February 2005 Notice Regarding Possible Exposure of Personal Information On January 27, 2005, Academic Computing and Network Services (ACNS) learned of an intrusion into the server that hosts Michigan State University's library catalog system, Magic.msu.edu. ACNS immediately took the server offline and began an investigation. We have found no evidence that the intruders specifically invaded the server in search of personal information, or that personal data were compromised in any way. However, because of the nature of the data stored on the system we thought it best to provide this notice. The Magic server housed a dataset regarding approximately 100,000 members of the MSU community (students enrolled in the last 5 years, present and past active library users, and currently appointed faculty, adjunct faculty and staff). This dataset, which is used to verify library borrowing privileges, includes names, addresses, and Social Security and student numbers. As people are aware, there are constant attacks on computer systems. Many of MSU's peer universities have suffered similar incidents. This intrusion into the Magic system occurred despite a variety of system security mechanisms already in place, which had thwarted attacks in the past. ACNS is continually reviewing and updating security measures, and will continue to monitor security on the systems it maintains. As a matter of good practice, individuals should regularly monitor activity on their credit and bank accounts, and should regularly change passwords on important accounts, including MSUnet account. It is prudent to check your credit history with the three major U.S. credit agencies at least once a year. Consumers also may ask the credit agencies to flag their accounts so that new credit requests require explicit approval by the individual before new accounts are opened. For further information please see the following web site: http://computing.msu.edu/announce If you have any questions or concerns, please contact the ACNS Hotline at (517) 432-7301, Monday-Friday 8:00am - 5:00pm EST, beginning Wednesday, February 2, 2005.