Epsilon Corporation breach causes NIU emails phishing
April 11, 2011
NIU Information Security and Operations is warning students and faculty about a large-scale security breach into the Epsilon Corporation.
The extent is unknown but it appears to be the largest in history, according to a release from ISO Director Jim Fatz.
The release stated NIU does not have a relationship with Epsilon, a marketing company with email services, but some students or faculty may have used their NIU email to register with other corporations that were affected.
The breach is different to other reports because it has been categorized as “spear phishing.” Whereas regular “phishing” is random in nature, “spear phishing” is where the hacker knows the people have a prior relationship with the corporation. The hacker sends an email that looks like the corporation and attempts to extract personal information from the user.
According to the release, identity theft is “extremely high” with spear phishing. It is estimated that hackers obtain private information in about 10 to 12 percent of attempts, the release stated. In random phishing only about .001 percent attempts succeed.
According to the release, recipients of emails asking for private information should never provide an account password no matter how legitimate it may sound.
Those using an NIU-related system that fall prey to a security breach should contact the ITS Helpdesk at 815-753-8100.