Seattle Pacific University is committed to the continual improvement of security measures that protect university systems and personal data. In 2017, SPU experienced a significant, alarming rise in the number of compromised accounts. As a result, CIS will take several additional steps this year to better protect you and the university's vital information resources. Some of these steps will be done behind the scenes; others will require your attention and involvement.
The first step that you will see involves a mandatory password reset requiring that all SPU account holders change their university password. We do not take this step lightly. The university has never required people to change their password and as a result, there are many accounts with passwords that are five, ten, even twenty years old.
As this process unfolds, you will receive email communications with instructions on how to reset your password along with a deadline for compliance. If you do not reset your password in the timeline provided, your account will be locked and additional manual steps will be required for you to regain access. Please join the fight to protect you and the university by changing your password.
Why You Need to Reset Your University Account Password
A large number of SPU account credentials were exposed last year as a result of 3rd party data breaches beyond our control. Many people use the same username/password credentials for several different accounts; when one is compromised by a data breach, all accounts (like your SPU account) using the same credentials are also compromised. In addition, a dramatic increase in phishing scams targeting the SPU community have compromised hundreds of accounts.
There is a high probability that additional compromised accounts have yet to be discovered. A university wide password reset will resolve any currently compromised accounts.
Example: LinkedIn Data Breach Exposed SPU Credentials In December 2017, CIS was notified of a list of SPU usernames for LinkedIn accounts that were compromised in the 2016 LinkedIn data breach. Of these accounts, 400+ used the same email/password credentials to log into SPU accounts. The credentials for these accounts had been exposed for nearly two years before they were discovered!
SPU is Being Directly Targeted CIS tracks hundreds of attacks on SPU accounts every day. The sophistication and frequency of these attacks increase at an alarming rate.
Use a different password for different websites and resources, particularly if you’re using the same username or email address for those accounts.
What Is at Risk?
Your SPU credentials give access to a wide range of personal data and sensitive information about SPU, its students and employees. This puts the institution at risk and increases your own risk for identity theft.
Your Employee Data: W2, payroll history, SSN, birthday, direct deposit, etc.
Your/Other Student Data: grades, financial records, sensitive personal information
Your Identity: when malicious phishing attempts come from compromised SPU email users, the probability that others will be tricked into thinking the email is legitimate increases.
How We Work to Protect You
CIS spends tens of thousands of dollars each year on technologies and staffing resources to protect the informational integrity of the SPU community. The internal network is protected by firewalls that block millions of malicious attacks daily. SPU Wifi is encrypted and highly secure from interception and tampering. Sophisticated email filters block between 4,000 and 12,000 phishing/SPAM emails every day.
Combining systems-security with an informed and conscientious user community, we can work together to ensure that data are protected and resources remain reliable and available. Thank you for doing your part to keep our community and its vital informational resources safe.
If you're curious about the breadth and scope of cyber attacks, take a look at the Kaspersky Cyber-Threat Map showing attacks in real-time.