ISSUE
Over the past week, two security incidents have occurred.
Both incidents involved the use of stolen credentials that had been previously compromised from other breaches, not related to Kent State, but unfortunately included Kent State credentials. These credentials were used to test against legacy mailing services provided by Kent State University.
Bad actors collected these usernames and passwords, then used legacy email protocols to determine whether these accounts were active. The Office of Security and Access Management detected this activity and disabled the protocols to prevent further account verification.
The Cyber Security Incident Response Team responded immediately once the attack was known, determined which accounts had been compromised and informed individuals to take appropriate actions. Faculty and staff were sent an email to inform them of the activity in the event they receive questions from students.
In-person and phone support were made available to assist individuals in regaining access to Kent State systems (see below).
OUR RESPONSE
Required emergency security maintenance has blocked legacy mailing protocols within Microsoft O365. This may affect the ability to access Kent State email through certain email applications.
Kent State University’s Cyber Security Response Team has a high degree of confidence, based on the attack type and analysis, that no other Kent State sensitive data had been compromised.
Affected individuals have been notified via email that their FlashLine passwords will be automatically reset on Thurs., Sept. 26 at 7 a.m., causing them to lose access to their Kent State accounts and to all Kent State systems.
If you have received an email notifications that your account was affected, you can avoid losing access to university systems by resetting your password prior to Thurs., Sept. 26 at 7 a.m.
If your account was affected, change your password by logging in to FlashLine and following the prompts. Do not use a password you have used on other services or websites.
After you have finished changing your password, go to SecureMyAccount.kent.edu and enable multi-factor authentication (MFA) on your account. Your information will be added to a list to have MFA automatically enabled on your account if you have not already done so.
If you have lost access, staff are available in the locations listed below to help you regain access and to enable MFA on your account. Make sure you have your FLASHcard or photo ID with you.
Kent Campus Students:
Library Technology Helpdesk on the library first floor (next to Starbucks)
- Thursday: 9 a.m. – 9 p.m.
- Friday: 9 a.m. – 5 p.m.
- Saturday: noon – 5 p.m.
- Sunday: 1 – 9 p.m.
TechHelp Service and Repair Center in the Tri-Towers Rotunda
- Thursday: 9 a.m. – 7 p.m.
- Friday: 9 a.m. – 5 p.m.
- Sunday: noon – 7 p.m.
Regional Campus and Distance Learning Students:
- Call the Help Desk at 330-672-4357
Regional Campus Students:
- Ashtabula: Room C234 of Main Hall
- East Liverpool and Salem: Call the Help Desk at 330-672-4357
- Geauga: Room 130
- Stark: Walk up desk at the East Wing of the Main Hall
- Trumbull: Classroom Admin building room 122
- Tuscarawas: A214, Network Services office
IMPORTANT NOTES
Kent State IT has a high degree of confidence that no other Kent State systems, assets, data, or technologies were impacted. We are continuing to investigate and will inform of any findings.
Never use your Kent State user name and/or password for any other website or application.
Go to SecureMyAccount.kent.edu to enable multi-factor authentication (MFA) on your Kent State account. MFA will notify you if there is suspicious activity on your account.
If you have any questions, please feel free to reach out to the Chief Information Security Officer, Bob Eckman at reckman@kent.edu.