Service disruption to some WMU systems and services (updates and information)
April 10, 2023, update
Dear campus community,
As we previously communicated, WMU determined that an unauthorized user accessed certain University computer systems in January. In response to the incident, we immediately took steps to secure our systems, including imposing a temporary computer services interruption. We also notified law enforcement and launched an investigation. Subsequently, we were able to restore full service to University systems and access to most files. We have completed our investigation and have now moved to the next steps, which involve informing those individuals whose data may have been exposed.
In the intrusion, no systems that centrally maintain Universitywide student, employee or patient information were compromised including those that support grading, scheduling, student conduct, advising, financial data, human resources, housing and dining, or patient, customer or similar data.
The data accessed was from files stored by campus community members on backup servers. Our investigation revealed that some of those files contained individuals’ personally identifiable information and, in some cases, even social security numbers. The majority of these records are from the late 1990s and early 2000s; other files are more contemporary. Notification letters are being sent to the homes of individuals whose information was potentially involved in this incident. If you do not receive a notification by mail, your personal information was not contained in the data.
For individuals whose personally identifiable information was involved, we have arranged for identity monitoring at no cost for one year. The monitoring services include credit monitoring, fraud consultation and identity theft restoration.
To help prevent a similar incident from occurring in the future, we have implemented additional safeguards and technical measures to enhance the security of our network. Fortifying our IT system is an ongoing practice at WMU, and each member of the campus community who uses digital technology also has a role to play in the security of our institutional and personal data.
If you have questions, please call (888) 357-4032, Monday through Friday, from 9 a.m. to 9 p.m.
Thank you,
Andrew Holmes
Chief Information Officer
Office of Information Technology
Feb. 6, 2023, update
Dear campus community,
The WMU Information Technology community has now restored more than 90% of WMU IT systems and services. Though we have made substantial progress, please be advised that over the next 48 hours there may be some episodic outages as we work to bring all systems fully online.
Please monitor wmich.status.io for additional and specific details on service availability. If you need assistance or would like to report an issue, please contact your local IT support team. We appreciate your patience as we complete the restoration process.
Sincerely,
Andrew Holmes
Chief Information Officer
Office of Information Technology
Feb. 3, 2023, 4:30 p.m. update
Dear campus community,
The WMU IT team continues to securely and methodically restore systems and services. Close to 60% of servers have been safely redeployed, and the services they provide have been restored. Some of these services include:
- Most computer lab licensing, including ArcGIS, Adams, Autodesk, eCog, JAWS, MasterCam, MatLab, Maxon
- Some print services
- Some faculty and staff file shares and print services
- Wireless connectivity to network directory resources
- Enrollment Management/Admissions Salesforce data integrations (Informatica)
- Student Affairs web applications
- Unified Clinics - Point and Click
- Titanium (CECP)
- ImageNow/Perceptive Content
- ISSM software
- R25 room scheduling
- Student Financial Aid service request system
- College of Engineering and Applied Sciences IT ticketing system
The team continues to make significant progress and meet key restoration projections. Local IT teams will continue to communicate when additional services become available. We appreciate your continued patience and support as we work through this intensive process.
- Faculty and staff: Connect first with local IT support staff for updates and restoration support. They are in the best position to advise on your situation. Circumstances and solutions will vary from unit to unit.
- Students: Please note that faculty and staff will be informed first about restoration so they can prepare to return services to you. We appreciate your patience as everyone is working hard and diligently to restore services securely. You may also check the OIT website later today for the latest information.
- Learn the latest about phishing. The University will never send you an email or call you asking for your personal information like passwords or to change your password.
Sincerely,
Andrew Holmes
Chief Information Officer
Office of Information Technology
Feb. 1, 2023, 5:30 p.m. update
As of 5:30 p.m., the following IT system services have been restored:
- WMU Secure Wi-Fi
- EduRoam Wi-Fi
- Password Manager
If you experience spotty or inconsistent access: Please start with your local IT support as they will have the most current information about your situation and will be in the best position to resolve issues.
Feb. 1, 2023, 1 p.m. update
Dear campus community,
Since our service disruption began, IT staff from the central office and throughout divisions, colleges and departments have been at work investigating, securing and restoring WMU IT Systems. Through their efforts, the vast majority of our teaching, payroll and other operating systems have remained functional. Today I have a substantial update on their efforts to further restore and fortify our IT environment.
HIGHLIGHTS
Key actions to date
| What to expectToday
Starting today through next week
|
CAUSE
We have determined that an unauthorized user (UU) accessed WMU’s systems on Jan. 19, 2023, necessitating the “key actions” listed above. As part of addressing the intrusion, OIT deployed countermeasures that induced the service disruption to safeguard our systems and data. Proactively suspending access was a measure to protect systems and data that could have been susceptible to the same or a similar intrusion. These systems remained offline until we were able to inspect them and ensure their safety and security.
With the assistance of external cybersecurity and forensic support, we have evaluated the impact of the intrusion. Now that we are confident in our understanding of the cause and scope of the intrusion, we can share more. We needed time to assess the vulnerability to the University community posed by the UU’s access and to ensure that what we share does not exacerbate our vulnerability with the UU. With that principle in mind, we are sharing as much as we can, as soon as we can, and will continue to do so, bearing in mind that we are still conducting an active forensic investigation.
No systems that centrally maintain university-wide student, employee or patient information were compromised including those that support grading, scheduling, student conduct, advising, financial data, human resources, housing and dining, or patient, customer or similar data. For most users, data as of Jan. 18 will be restored and data created and saved after mid-morning on Jan. 20 will not be affected.
However, we have determined that the UU accessed two University servers, so it is possible that some personal information was disclosed from files stored on those servers. The accessed servers are user backups for faculty and staff. So, accessed data is expected to be limited to records that faculty and staff have maintained and backed up to these servers. Our external forensic support is helping us determine the scope of accessed data.
In terms of data recovery, we have viable backups and will be able to restore all data from those servers to their state as of Wednesday, Jan. 18, 2023. As our forensic investigation continues, we will verify the data that was accessed by the UU and share more when we have additional information that is confirmed by the forensic analysis.
Approximately 200 end-user devices (mostly computers assigned to faculty and staff) of the 130,000 that are registered at WMU were accessed. The University averages 60,000 active devices on its network daily. Affected users have already been contacted and the computers reclaimed, some of which have begun to be returned. Local IT support is working with those users. If you have not already been contacted by University IT staff, you are not among these affected users.
RESOURCES AND HOW YOU CAN HELP
- The OIT website will be updated as services are restored.
- Faculty and staff: Connect first with local IT support staff for updates and restoration support. They are in the best position to advise on your situation. Circumstances and solutions will vary from unit to unit.
- Students: Please note that faculty and staff will be informed first about restoration so they can prepare to return services to you. We appreciate your patience as everyone is working hard and diligently to restore services securely. You may also check the OIT website later today for the latest information.
- Learn the latest about phishing. The University will never send you an email or call you asking for your personal information like passwords or to change your password.
Thank you for your ongoing patience as we work to restore our systems.
Sincerely,
Andrew Holmes
Chief Information Officer
Office of Information Technology
Jan. 27, 2023
Dear campus community,
The Office of Information Technology (OIT) has been working overtime this week to return our IT systems to full functionality. We are conscientious about the impact the disruption is having and are working as quickly but diligently as possible.
We are focused on an array of highly technical IT administration tasks that provide continuity of services and systems. We are getting positive results and have made good progress this week with some administrative systems already brought back online.
Here are some things to keep in mind:
- As has been the case since the outage began, the campus community can proceed with their school and work business as usual but may be unable to or have difficulty accessing certain systems.
- Unless your departmental IT support staff contact you, there is nothing you need to do.
- Monitor your email and the University website for the most up-to-date information.
- The most up-to-date list of available and unavailable services are listed below.
Frequently used systems and services that remain available, among others, are:
- WMU Open Wi-Fi
- WMU Guest Wi-Fi
- Elearning
- Microsoft products (i.e., Office 365, Outlook, Word, PowerPoint, OneDrive, Teams, SharePoint, etc.)
- Google accounts
Systems that are temporarily unavailable or have limited availability include:
- WMU Secure Wi-Fi
- EduRoam Wi-Fi
- File sharing such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares.
- Access to the CMS
- Password resets
- Some print services
The Western community has demonstrated remarkable patience and collegiality this week, which has enabled us to focus on the task at hand. We request your continued graciousness so we can resolve the disruption as quickly as possible. The OIT team and I thank you for the teamwork as we work to resolve this issue.
Sincerely,
Andrew Holmes
Chief Information Officer
Office of Information Technology
Jan. 23, 2023
Dear campus community,
The Office of Information Technology team continues to investigate and address the IT service disruption since it began Friday. The team is focused on ensuring the security of our digital assets and network as well as providing continuity of services and systems.
Access to the internet remains available through WMU Open and WMU Guest Wi-Fi. Members of the campus community can proceed with their school and work business as usual but may have difficulty accessing certain systems.
Visit the University homepage and check your email for the latest information on availability of systems and services.
Frequently used systems and services that remain available (among others) are:
- WMU Open Wi-Fi
- WMU Guest Wi-Fi
- Elearning
- Microsoft products (i.e. Office 365, Outlook, Word, Powerpoint, OneDrive, Teams, Sharepoint, etc.)
- Google accounts
Systems that are temporarily unavailable or have limited availability include:
- WMU Secure WiFi
- EduRoam WiFi
- File sharing such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares.
- Access to the CMS
- Password resets
- Some print services
As the investigation continues, OIT is finding machines that may need updating. Affected users will be contacted by departmental IT support staff. If you are not contacted by your departmental staff, there is nothing you need to do at this time.
Andrew Holmes
Chief Information Officer
Office of Information Technology
Jan. 20, 2023
Dear campus community,
Today, we detected a service disruption which led to suspending certain WMU computer systems. We’ve been investigating the situation since we became aware. We are methodically working to determine the nature and scope of the disruption.
Members of the campus community can proceed with their school and work business as usual. However, you may have difficulty accessing certain systems. Systems that are temporarily unavailable or have limited availability include:
- WMU Secure Wi-Fi
- EduRoam
- File shares such as a shared drive. These start with a letter like “g:/” and, in those cases, users may not be able to access file shares.
- Access to the CMS
- Password resets
Frequently used systems and services that remain available (among others) are:
- WMU Open Wi-Fi
- WMU Guest Wi-Fi
- Elearning
- Microsoft Products (i.e. Office 365, Outlook, Word, Powerpoint, OneDrive, Teams, Sharepoint, etc.)
- Google accounts
We apologize for the inconvenience and appreciate your continued patience and support. We will provide additional updates as they become available.
Please check the University website for the most up-to-date information.
Andrew Holmes
Chief Information Officer
Office of Information Technology