Whoever is responsible for the breach logged in to the employees' Ursa accounts, then used the employees' social security numbers to reset their passwords and access their accounts, UNC spokesman Nate Haas said. From there, the perpetrator downloaded the employees' electronic W2 forms. UNC officials believe the employees' social security numbers were acquired outside the university.
Haas said UNC is "pretty confident" no one else is at risk, that no student accounts were affected and that the Ursa system itself isn't vulnerable. University officials are unsure if the affected employees were specifically targeted.
Haas said UNC's cybersecurity monitoring system detected the breach and notified the compromised employees individually. The university disabled the online password reset function, Haas said, so employees who need to do so now have to call UNC's Information Management and Technology office.
The UNC Police Department is investigating the breach and has contacted the Colorado Bureau of Investigation and the FBI, Haas said. There isn't yet a timeline for when the investigation will be complete.
©2018 the Greeley Tribune (Greeley, Colo.) Distributed by Tribune Content Agency, LLC.