Information last updated July 1, 2015
A Message to our Community:
On June 19, Harvard discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks. The security of your information is our top priority and we are taking this incident very seriously.
We will continue to update the community with more information as it becomes available and as additional security measures are required. Please read on for answers to some common questions.
On June 19, Harvard discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks.
Since discovering this intrusion, Harvard has implemented enhanced security measures to protect University data and systems. In addition, we notified federal law enforcement and engaged an external cybersecurity firm to conduct a thorough forensic investigation, which is currently underway.
Why is the Harvard community learning about this now?
We notified the community as soon as we were confident that notification would not jeopardize our efforts to secure systems and limit damage from the intrusion, potentially making the situation much more difficult to resolve.
What types of data have been exposed?
At this time, we have no indication that research data or personal data managed by Harvard systems (e.g. social security numbers) have been exposed. There is no indication that PIN credentials, used to access University systems and web resources, have been exposed.
It is possible that Harvard login credentials (computer and email passwords, including Office 365) stored on the compromised FAS and Central Administration networks have been exposed. In order to further secure your data, the University is requiring some members of our community to change their Harvard passwords. Please see “Should I change my password” for more details.
Has information in my email been exposed?
At this time, we have no indication that Harvard email has been exposed. Changing your email password is an important step toward further securing your information.
The University is requiring some members of our community to change their Harvard passwords. Please see “Should I change my password” for more details.
Should I change my password?
In order to further secure your data, the University is requiring the following action:
If you are part of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, or Central Administration, you should change the password associated with your Harvard account (computer login and email account).
If you are part of the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health, you should change your email password (Office 365 or Icemail).
Update all devices synced to your Harvard account—including desktops, laptops, tablets, and mobile phones—with your new password.
Password changes will be required again at a later time as the University takes further steps to enhance security. Instructions on how to change your password are available at security.harvard.edu/passwordhelp.
If you are part of the Harvard Business School, Harvard Kennedy School, Harvard Law School, Harvard Medical School or Harvard School of Dental Medicine, you do not need to take any action at this time.
Please see “What passwords do not need to be changed?” for a list of common applications that do not require updates to credentials at this time.
Do I need to back up my data?
For most users in the Harvard community, backup of data is automatic. If you have specific questions about data backup, please contact your local IT department to inquire about backup policies and procedures.
How do I change my password? Where do I go for help?
Online instructions and enhanced 24/7 IT support (email and phone) are available at firstname.lastname@example.org or (617) 495-7777 to assist in changing your password. While Harvard University Information Technology (HUIT) has substantially increased IT Help Desk resources to assist the community, longer wait times should be expected. Your patience is greatly appreciated.
As a best practice, create strong passwords that do not match passwords you use anywhere else, such as your personal accounts (e.g. your bank account). Guidance on choosing a strong password can be found at security.harvard.edu/use-strong-passwords.
How do I change my password if I am away from campus?
At this time of year, many in our community are away from campus. The process of changing a password remotely is more complex. If you experience difficulty changing your password remotely, please reach out to the IT Help Desk at email@example.com or (617) 495-7777 for assistance.
How do I unlock a locked account?
Your account may lock you out if you type the wrong password too many times. This may occur if you recently changed your account password but did not update this new password on all devices that continue to automatically sync to your Harvard account (desktop, laptop, tablet, and mobile devices).
Locked accounts will unlock automatically after several minutes. Contact the IT Help Desk at firstname.lastname@example.org or (617) 495-7777 if you need assistance.
Do I need to change my Harvard PIN password?
No, currently there is no indication that Harvard PIN credentials have been exposed.
What passwords do not need to be changed?
At this time, for the following applications there is no indication of password exposure related to this incident, and therefore no requirement to change passwords:
Harvard PIN System Login
Division of Continuing Education (DCE) Login
HMS eCommons Login
FAS Research Computing
Any passwords for the following Schools:
Harvard Business School
Harvard Kennedy School
Harvard Law School
Harvard Medical School
Harvard School of Dental Medicine
Is there anything else I should be doing to keep my data safe?
Be aware of efforts by outside parties to gain access to your information. Phishing scams may increase after news of this intrusion is public. If you receive questionable emails or phone calls asking for your account information, do not respond. Instead, please contact the IT Help Desk for guidance at email@example.com or (617) 495-7777.
What is Harvard doing to prevent cyber attacks? Are we taking sufficient steps to protect data?
Higher education is one of the most targeted industries for cyber attacks, and Harvard frequently detects and repels threats. As attacks become more sophisticated, information security teams must quickly adapt and respond to stay one step ahead.
Harvard takes information security very seriously. We depend on an active partnership with our community to make Harvard more secure and will continue to enhance our information security efforts.
Our community members play an important role in University information security. Following these best practices will help make Harvard’s networks and your information more secure:
Click wisely – Malicious emails can put your data at risk. Don’t click links or download attachments from untrusted or unexpected emails.
Apply updates – Cyber criminals often leverage out-of-date software to gain access to systems. Reduce your risk by keeping software on your devices current.
Use strong passwords – A longer password (10 characters or longer) is a stronger password. Create strong passwords for your accounts, and use two-step verification whenever it is available.
Know your data – Handling sensitive data comes with responsibility. The information security policy instructs you how to identify, secure, and dispose of sensitive information. If you don’t need it, delete it! To learn more about handling sensitive data for Harvard, visit policy.security.harvard.edu.
A dedicated website has been created to address many of Harvard’s information security best practices: security.harvard.edu.
Will the community receive further updates?
Yes, we will continue to update the community as the investigation progresses. Information will also be posted to the Harvard Information Security website at security.harvard.edu/cyber-alert.
Who do I go to for questions or more information?
We understand that the community will have additional questions about this incident. Please send your questions to firstname.lastname@example.org and they will be routed appropriately for answers.