Important Message Regarding University Information Technology Security and Access

AUG. 16 UPDATE: U.Va. Completes Upgrades to IT Systems After Cyber Attack 

To the University Community:

The University of Virginia has confirmed that sophisticated attackers originating from China illegally accessed portions of the University’s information technology systems. Federal authorities had alerted the University of a possible cyber attack, and this was confirmed by the University on June 11. Upon becoming aware of the attack, the University engaged Mandiant, an internationally recognized cybersecurity firm, to immediately help the University identify the nature of the attack and take corrective action. This action included enhanced security measures to further fortify University data and systems.

The University has been working with federal authorities during the course of this investigation.

Our forensic investigation has indicated that no personally identifiable information — such as Social Security numbers and banking information — or personal health information was accessed. There is also no evidence that sensitive research material was accessed.

The University is in the process of upgrading security systems to further strengthen the security of data and information stored on University resources and to help prevent future cyber attacks.

The system security upgrade will begin at 5:00 p.m. ET on Friday, Aug. 14. The upgrade is anticipated to be completed by the evening of Sunday, Aug. 16. During this period of time, access to many University systems, including University email accounts, will not be possible.

The University is also requiring all users to change their Eservices login passwords after the system upgrade is complete. (Please see “How do I change my password…” for more details).

It is important to note that the U.Va. Medical Center will not be affected during this system upgrade as its information technology resources are on a separate secured system that was not targeted by the attackers. Patient services will not be affected. U.Va. Health System employees will have access to their systems and Health System email accounts.

You will find answers to additional questions and other information regarding this matter below and online at www.virginia.edu.

When the system upgrade is complete, an email message and a text message will be sent via U.Va. Alerts to users who have registered for the text message service. The community can also check www.virginia.edu for updates on the progress of the system upgrade.

For technical questions related to the system upgrade or the password change, call the U.Va. Help Desk for IT at 4-HELP (434-924-4357) or toll-free 866-469-4866. For general information about this incident, please call toll-free 877-939-6228.

The security of your information and other data stored on University systems is a high priority, and we are working diligently to address this matter. Cyber attacks and other information technology threats have grown rapidly in recent years. These attacks occur in many places, including businesses in the public and private sectors, government and institutions of higher education, and the attacks come in many different forms.

We appreciate your cooperation, and more importantly your patience, as our dedicated teams of professionals work diligently to upgrade our systems and further enhance the University’s information technology infrastructure.

Sincerely,
Patrick D. Hogan
Executive Vice President and COO

Media Contact

Anthony P. de Bruyn

Office of University Communications