The General Data Protection Regulation (GDPR) requires security measures for processing data relating to an identified or identifiable individual located in the European Union, Iceland, Liechtenstein or Norway (GDPR Processing). Harvard units or programs must comply with the GDPR when conducting GDPR Processing. The GDPR requires that security measures be appropriate in light of the potential risks to the affected individuals, taking into account the scope and purposes of such processing and the nature of the data. The GDPR identifies the following categories of data as meriting special...
On June 19, Harvard discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks.
Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University.
At this time, we have no indication that personal data, research data, or PIN System credentials have been exposed. It is possible that Harvard login credentials (username and password) used to access individual computers and University email accounts have been exposed.
Action Needed In order to further secure your data, the University is requiring the following action:
If you are part of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study, or Central Administration, you should change the password associated with your Harvard account (computer login and email account).
If you are part of the Graduate School of Design, Harvard Graduate School of Education, Harvard John A. Paulson School of Engineering and Applied Sciences, or Harvard T.H. Chan School of Public Health, youshould change your email password (Office 365 or Icemail).
Update all devices synced to your Harvard account—including desktops, laptops, tablets, and mobile phones—with your new password.
Password changes will be required again at a later time as the University takes further steps to enhance security. Instructions on how to change your password are available at security.harvard.edu/passwordhelp.
If you are part of the Harvard Business School, Harvard Kennedy School, Harvard Law School, Harvard Medical School, or Harvard School of Dental Medicine, you do not need to take any action at this time.
Support Available Online instructions and enhanced 24/7 IT support are available at firstname.lastname@example.org or (617) 495-7777 to assist in changing your password. While Harvard University Information Technology (HUIT) has substantially increased IT Help Desk resources to assist the community, longer wait times should be expected. Your patience is greatly appreciated.
Changing a Password Remotely At this time of year, many in our community are away from campus. The process of changing a password remotely is more complex. If you are experiencing difficulty changing your password and would like assistance, we encourage you to reach out to the IT Help Desk at email@example.com or (617) 495-7777.
Additional Information Additional information, including FAQs, is available on the Harvard Information Security website (security.harvard.edu/cyber-alert). As always, if you receive questionable emails or phone calls asking for your account information, do not respond. Instead, please contact the IT Help Desk for guidance.
We continue to monitor the situation closely and will update the community as the investigation progresses.
Protect yourself from the Heartbleed security flaw.
What is “Heartbleed”?
Heartbleed is the nickname of a newly-discovered software security flaw in one of the most common security protocols on the Internet. It weakens or removes the privacy of information sent between a web browser and a web server. A significant number of websites were placed at risk by this flaw, including some at Harvard.
What information might have been stolen?
If this flaw were exploited, credentials, such as usernames and passwords, private...