Employees advised to not release usernames and passwords 

On Monday, university president Jesse Rogers told faculty and staff that during the past week Midwestern’s information security had been breached.

In an email sent to faculty, Rogers said the violation was due to faculty, staff or student employees releasing usernames and related passwords to outside entities.

“Due to this release of credentials, one account has generated hundreds of thousands of electronic mails outbound to entities worldwide that have in turn reported our mail service for blacklisting,” Rogers said.

The result is now many universities and vendors won’t be able to receive inbound emails from MSU accounts.

These outside sources are phishers, according to Randy Kirkpatrick, interim chief information officer.

“Phishers would pretend to be legitimate entities requesting username and password date,” Kirkpatrick said. “Just to be clear, any request for username and password date is not legitimate, whether it comes in the form of an email, phone call or someone walking up and asking for this kind of data. Never give out this information to anyone.”

Even though Kirkpatrick said he could not discuss security or cleanup measures, in short term he said there are some sites that would refuse email.

Students should be largely unaffected as their email is hosted at a different network, he said.

“The private information being spoken of is username and password information,” Kirkpatrick said. “It could, however, extend to any private user information that could be used to affect a theft of identity.”

Rogers said the process to fix the breach may take weeks and during that time the university’s business communications will be difficult.

“We cannot divulge what credentials were released,” Kirkpatrick said. “It affected all faculty and staff, but has now largely been resolved.”