During the weekend of Nov. 7, computer servers at Binghamton University became the target of “malicious activity” according to the University’s website, resulting in some services going offline.
Library services, Kronos — which is the physical facilities’ time-tracking and payroll system — and other services were rendered unavailable as a result. Ryan Yarosh, senior director of media and public relations at BU, said the University’s Information Technology Services (ITS) staff took the servers offline and notified law enforcement once they became aware of the crime.
“The University is looking into any effects of this intrusion,” Yarosh wrote in an email. “Currently, the investigation is in the preliminary stages of analysis and mitigation. If it is determined that any individuals’ data was affected, the University will provide those individuals with updates.”
As a result of the security breach, health services have had no access to electronic scheduling nor their note-keeping systems, according to a Nov. 10 email from the University Communications and Marketing department. Those who wish to schedule an appointment with either the University Counseling Center, Decker Student Health Services Center or Decker Psychiatric Services must call their respective phone numbers. No appointment reminders will be sent out, as the patient portal is not currently functioning.
Additionally, University surveillance testing for COVID-19 did not operate on Monday, Nov. 9. Yarosh said efforts are being made to protect the medical privacy of students.
“In regards to testing, out of an abundance of caution, we decided not to bring the server responsible for servicing surveillance testing back up,” Yarosh wrote.
As of Nov. 15, according to ITS, the following services remain down: BingView (VDI), Hyperion/ODS, Medicat, network storage, Print@Binghamton, SAS Visual Analytics, software licensing, virtual servers and storage and other services not listed.
In order to help with updating networking and operating systems, faculty and staff were asked to install Carbon Black on their University-owned computers, according to a Nov. 11 B-Line announcement. Carbon Black is a security tool that protects computers without any user interaction, while reducing the likelihood of future cyberattacks by providing insight into the campus network.
According to the University’s website, it is safe to use personal laptops. Internet connection through both the eduroam Wi-Fi and wired ethernet is also safe to use on both personal laptops and mobile devices. Building card access is currently functioning as it should.
BU Libraries’ interlibrary loan service was restored, according to a Nov. 13 B-Line announcement. The course reserves tool remains unavailable while e-reserves that are library-owned are currently accessible through the libraries’ catalog.
With various library services down throughout the week, students struggled to complete their coursework. Brendan Marry, a senior double-majoring in history and psychology, said the security breach negatively impacted his ability to complete a final assignment.
“The inability to get onto the library website hindered me during research for my final paper because it made it virtually impossible to look at sources that I needed,” Marry said.
Kajsa Kenney, an undeclared freshman, was “acutely impacted” by the security breach.
“I had a short assignment for an anthropology class due last week, and the deadline was consequently pushed, as we were not able to access the library database,” Kenney said. “Fortunately, my professor was very understanding, so it was more of an inconvenience to her, as she had to switch her lesson plan, than it was to us as her students. One of my other classes last week that was supposed to be in person was moved to remote learning that day as a result of the breach.”
Kenney noted that she found the “frequent” updates from the University regarding the security breach to be helpful.
While it remains unclear when all systems will return to normal, Yarosh said the University remains committed to determining what data was compromised and supporting individuals who were affected by the security breach.
“[BU] continues to make progress to repair system outages affecting its business information systems and is bringing systems back online as quickly as possible,” Yarosh wrote. “Safety and academic functions are the top priority, including the ability for students and faculty to access all of their files to enable them to complete assignments and finish the semester.”