Service disruption to some WMU systems and services

Feb. 6, 2023, update

Dear campus community,

The WMU Information Technology community has now restored more than 90% of WMU IT systems and services. Though we have made substantial progress, please be advised that over the next 48 hours there may be some episodic outages as we work to bring all systems fully online.

Please monitor wmich.status.io for additional and specific details on service availability.  If you need assistance or would like to report an issue, please contact your local IT support team. We appreciate your patience as we complete the restoration process.

Sincerely,

Andrew Holmes
Chief Information Officer
Office of Information Technology

Feb. 3, 2023, 4:30 p.m. update

Dear campus community,  

The WMU IT team continues to securely and methodically restore systems and services. Close to 60% of servers have been safely redeployed, and the services they provide have been restored. Some of these services include: 

  • Most computer lab licensing, including ArcGIS, Adams, Autodesk, eCog, JAWS, MasterCam, MatLab, Maxon
  • Some print services 
  • Some faculty and staff file shares and print services
  • Wireless connectivity to network directory resources 
  • Enrollment Management/Admissions Salesforce data integrations (Informatica) 
  • Student Affairs web applications 
  • Unified Clinics - Point and Click 
  • Titanium (CECP) 
  • ImageNow/Perceptive Content 
  • ISSM software 
  • R25 room scheduling 
  • Student Financial Aid service request system 
  • College of Engineering and Applied Sciences IT ticketing system 

The team continues to make significant progress and meet key restoration projections. Local IT teams will continue to communicate when additional services become available. We appreciate your continued patience and support as we work through this intensive process. 

  • Faculty and staff: Connect first with local IT support staff for updates and restoration support. They are in the best position to advise on your situation. Circumstances and solutions will vary from unit to unit. 
  • Students: Please note that faculty and staff will be informed first about restoration so they can prepare to return services to you. We appreciate your patience as everyone is working hard and diligently to restore services securely. You may also check the OIT website later today for the latest information.  
  • Learn the latest about phishing. The University will never send you an email or call you asking for your personal information like passwords or to change your password. 

Sincerely,

Andrew Holmes
Chief Information Officer
Office of Information Technology

Feb. 1, 2023, 5:30 p.m. update

As of 5:30 p.m., the following IT system services have been restored:

  • WMU Secure Wi-Fi
  • EduRoam Wi-Fi
  • Password Manager

If you experience spotty or inconsistent access: Please start with your local IT support as they will have the most current information about your situation and will be in the best position to resolve issues.

Feb. 1, 2023, 1 p.m. update

Dear campus community,

Since our service disruption began, IT staff from the central office and throughout divisions, colleges and departments have been at work investigating, securing and restoring WMU IT Systems. Through their efforts, the vast majority of our teaching, payroll and other operating systems have remained functional. Today I have a substantial update on their efforts to further restore and fortify our IT environment.

HIGHLIGHTS

Key actions to date 

  • Added protection measures at entry points to our network
  • Reconfigured our network and firewall to enhance security
  • Obtained and deployed the latest behavior-based vulnerability detection software
  • Evaluated end-user machines of concern (i.e., those assigned to individuals or in computer labs) to assess vulnerabilities
  • Initiated a comprehensive forensic investigation, which is ongoing, to assess vulnerabilities

What to expect

Today
  • WMU Secure Wi-Fi will be functional for all users.
  • EduRoam Wi-Fi is expected to return to service.

Starting today through next week 
  • All systems and services will begin to return today incrementally. This will be a manual process involving most IT support staff throughout the University and could take up to eight business days to complete fully. 
  • If you experience spotty or inconsistent access: Please start with your local IT support as they will have the most current information about your situation and will be in the best position to resolve issues.
  • Faculty and staff will be notified by local IT support people when local systems have been restored. System restoration will vary based on the services used and local configurations. 

CAUSE
We have determined that an unauthorized user (UU) accessed WMU’s systems on Jan. 19, 2023, necessitating the “key actions” listed above. As part of addressing the intrusion, OIT deployed countermeasures that induced the service disruption to safeguard our systems and data. Proactively suspending access was a measure to protect systems and data that could have been susceptible to the same or a similar intrusion. These systems remained offline until we were able to inspect them and ensure their safety and security. 

With the assistance of external cybersecurity and forensic support, we have evaluated the impact of the intrusion. Now that we are confident in our understanding of the cause and scope of the intrusion, we can share more. We needed time to assess the vulnerability to the University community posed by the UU’s access and to ensure that what we share does not exacerbate our vulnerability with the UU. With that principle in mind, we are sharing as much as we can, as soon as we can, and will continue to do so, bearing in mind that we are still conducting an active forensic investigation.

No systems that centrally maintain university-wide student, employee or patient information were compromised including those that support grading, scheduling, student conduct, advising, financial data, human resources, housing and dining, or patient, customer or similar data. For most users, data as of Jan. 18 will be restored and data created and saved after mid-morning on Jan. 20 will not be affected.

However, we have determined that the UU accessed two University servers, so it is possible that some personal information was disclosed from files stored on those servers. The accessed servers are user backups for faculty and staff. So, accessed data is expected to be limited to records that faculty and staff have maintained and backed up to these servers. Our external forensic support is helping us determine the scope of accessed data.

In terms of data recovery, we have viable backups and will be able to restore all data from those servers to their state as of Wednesday, Jan. 18, 2023. As our forensic investigation continues, we will verify the data that was accessed by the UU and share more when we have additional information that is confirmed by the forensic analysis.

Approximately 200 end-user devices (mostly computers assigned to faculty and staff) of the 130,000 that are registered at WMU were accessed. The University averages 60,000 active devices on its network daily. Affected users have already been contacted and the computers reclaimed, some of which have begun to be returned. Local IT support is working with those users. If you have not already been contacted by University IT staff, you are not among these affected users.

RESOURCES AND HOW YOU CAN HELP

  • The OIT website will be updated as services are restored.
  • Faculty and staff: Connect first with local IT support staff for updates and restoration support. They are in the best position to advise on your situation. Circumstances and solutions will vary from unit to unit.
  • Students: Please note that faculty and staff will be informed first about restoration so they can prepare to return services to you. We appreciate your patience as everyone is working hard and diligently to restore services securely. You may also check the OIT website later today for the latest information. 
  • Learn the latest about phishing. The University will never send you an email or call you asking for your personal information like passwords or to change your password. 

Thank you for your ongoing patience as we work to restore our systems. 

Sincerely,
Andrew Holmes
Chief Information Officer
Office of Information Technology

Jan. 27, 2023

Dear campus community,

The Office of Information Technology (OIT) has been working overtime this week to return our IT systems to full functionality. We are conscientious about the impact the disruption is having and are working as quickly but diligently as possible.

We are focused on an array of highly technical IT administration tasks that provide continuity of services and systems. We are getting positive results and have made good progress this week with some administrative systems already brought back online. 

Here are some things to keep in mind:

  • As has been the case since the outage began, the campus community can proceed with their school and work business as usual but may be unable to or have difficulty accessing certain systems. 
  • Unless your departmental IT support staff contact you, there is nothing you need to do. 
  • Monitor your email and the University website for the most up-to-date information.
  • The most up-to-date list of available and unavailable services are listed below.

Frequently used systems and services that remain available, among others, are:

  • WMU Open Wi-Fi
  • WMU Guest Wi-Fi
  • Elearning 
  • Email 
  • Microsoft products (i.e., Office 365, Outlook, Word, PowerPoint, OneDrive, Teams, SharePoint, etc.)
  • Google accounts

Systems that are temporarily unavailable or have limited availability include: 

  • WMU Secure Wi-Fi
  • EduRoam Wi-Fi
  • File sharing such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares. 
  • Access to the CMS
  • Password resets
  • Some print services

The Western community has demonstrated remarkable patience and collegiality this week, which has enabled us to focus on the task at hand. We request your continued graciousness so we can resolve the disruption as quickly as possible. The OIT team and I thank you for the teamwork as we work to resolve this issue.

Sincerely,

Andrew Holmes
Chief Information Officer
Office of Information Technology

Jan. 23, 2023

Dear campus community, 
 
The Office of Information Technology team continues to investigate and address the IT service disruption since it began Friday. The team is focused on ensuring the security of our digital assets and network as well as providing continuity of services and systems.
 
Access to the internet remains available through WMU Open and WMU Guest Wi-Fi. Members of the campus community can proceed with their school and work business as usual but may have difficulty accessing certain systems. 
 
Visit the University homepage and check your email for the latest information on availability of systems and services.
 
Frequently used systems and services that remain available (among others) are:

  • WMU Open Wi-Fi
  • WMU Guest Wi-Fi
  • Elearning 
  • Email 
  • Microsoft products (i.e. Office 365, Outlook, Word, Powerpoint, OneDrive, Teams, Sharepoint, etc.)
  • Google accounts

Systems that are temporarily unavailable or have limited availability include: 

  • WMU Secure WiFi
  • EduRoam WiFi
  • File sharing such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares. 
  • Access to the CMS
  • Password resets
  • Some print services

As the investigation continues, OIT is finding machines that may need updating. Affected users will be contacted by departmental IT support staff. If you are not contacted by your departmental staff, there is nothing you need to do at this time.
 
Andrew Holmes
Chief Information Officer
Office of Information Technology

Jan. 20, 2023

Dear campus community,
 
Today, we detected a service disruption which led to suspending certain WMU computer systems. We’ve been investigating the situation since we became aware. We are methodically working to determine the nature and scope of the disruption.
 
Members of the campus community can proceed with their school and work business as usual. However, you may have difficulty accessing certain systems. Systems that are temporarily unavailable or have limited availability include: 

  • WMU Secure Wi-Fi
  • EduRoam
  • File shares such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares. 
  • Access to the CMS
  • Password resets

Frequently used systems and services that remain available (among others) are:

  • WMU Open Wi-Fi
  • WMU Guest Wi-Fi
  • Elearning 
  • Email 
  • Microsoft Products (i.e. Office 365, Outlook, Word, Powerpoint, OneDrive, Teams, Sharepoint, etc.)
  • Google accounts

We apologize for the inconvenience and appreciate your continued patience and support. We will provide additional updates as they become available. 
 
Please check the University website for the most up-to-date information. 
 
Andrew Holmes
Chief Information Officer
Office of Information Technology