University system increases online security


UND student Anna Connell accesses her student account. Photo by Nick Nelson/The Dakota Student.

In response to multiple employees’ bank accounts getting hacked last semester, the North Dakota University System has added a layer of security.

The additional layer requires employees using Employee Self Service to enter their current direct deposit bank account number before a change to a different number will be accepted. This change went into effect Jan. 27.

Vice Chancellor for Institutional Research and Information Technology Lisa Feldner said although NDUS realizes the change may be bothersome, the measures should help to keep hackers at bay and information better protected.

“We realize this will provide a small inconvenience to you, but hope you’ll agree it will help thwart future attempts to divert direct deposits,” she said in an email addressed to all NDUS students and employees.

Feldner said since the implementation of the extra measures, there has only been one minor issue that occurred because one campus was using a software package not permitted to send data.

“The campus reported the issue and it was fixed within 30 minutes,” Feldner said.

In her email, Feldner also briefly explained the basics of what happened last semester and how the new required steps will make that kind of breach much less likely in the future.

The employees whose direct deposit banking information was changed during the hack last semester lost paycheck deposits totaling approximately $30,600.

The hackers sent emails to a segment of employees at NDSU that looked as if they were from the payroll department. The emails asked that employees click on a link to verify their pay raises.

According to Feldner, the link took them to another web page that looked like Campus Connection, and eight of the individuals entered their usernames and passwords. It was not a Campus Connection page but rather a page made to look like it.

The hackers captured the usernames and passwords, which they used to log into the real payroll system and route the employees’ next paychecks to an out-of-state bank account.

Steps were taken right away to limit the theft to one pay period. The part of Employee Self Service allowing employees to change their direct deposit bank account information online was shut down, and new direct deposit accounts were set up.

The new precautions respond to requests from employees and campus payroll offices for an alternative to making direct deposit changes through the campus payroll office, since staff members had been unable to make the changes from their computers. Feldner said there will hopefully be more security to come.

“We have asked the legislature for $1.5 million for additional security across the system,” Feldner said. “Included in that request will be additional IT security staff and security software. We are also updating security policies and procedures which include mandatory 90 day password changes. In addition, the system technology staff participates in mandatory monthly security training.”

Marie Monson is a staff writer for The Dakota Student.