Washington State University is the target of a sophisticated hacking attempt that was detected more than a month ago and that may have compromised user names and passwords of student and staff email accounts.

Share story

PULLMAN — Washington State University administrators have announced they are trying to thwart a sophisticated hacking attempt detected more than a month ago.

Students and staffers were notified Thursday evening that administrators “became aware” of suspicious activity in the university’s email and directory systems July 8. The university said it swiftly launched an investigation with help from federal investigators and a private cybersecurity firm.

The university said it has found no evidence the hackers have accessed sensitive data like Social Security numbers and banking information. But they may have stolen user names and passwords that students and staff use to access their university email accounts; the same information is used to access MyWSU, the site where students manage their class schedules and financial aid.

Students and staff members are being urged to change their passwords. The university warned that some services may be interrupted as it works to flush the hackers from computer systems.

In the statement Interim President Daniel Bernardo said the school waited to notify students and staffers to avoid tipping off the hackers to the investigation.

“It was important that we keep our attackers unaware of our course of action until initial countermeasures were under way,” the statement said.

WSU spokeswoman Kathy Barnard declined to say if there’s any indication where the hackers are located. “Because it’s still under active investigation, I’m really not at liberty to discuss those kinds of details,” she said.

Matt Skinner, an associate vice president, declined to name the federal agencies and security firm investigating the breach. He also declined to say when the initial breach may have occurred. Attempts to reach an FBI spokesman Friday were unsuccessful.

In an emailed statement, Skinner said the university will employ new software and “eliminate compromised communication channels” to avoid future breaches.

Barnard noted the cyberattack breach is among the latest in a series on American universities. According to a July 2013 article in The New York Times, millions of attacks each year are thought to originate in China.

Officials announced late last month that hackers in China may have stolen the Social Security numbers and credit-card details of up to 6,000 students and staffers at the University of Connecticut. This month, the University of Virginia announced that hackers had accessed the email accounts of professors whose work is related to China.