Security incident and password resets

We've recently requested all staff and students to reset their IT passwords. We appreciate that this has caused some disruption but the measure was a necessary and important precaution in safeguarding privacy and security at the University.
Unfortunately, the University experiences attempts to compromise our systems on an almost daily basis. The vast majority of these attempts are repelled or are caught very quickly and have little or no impact. However, occasionally, more serious attempts are made and we have to take additional steps.
Over the course of the last week the University has been subjected to a persistent, determined attack from a well-resourced and highly organised group. This particular attack was successful in gaining access to our more sensitive systems. Therefore we've had to implement some additional security measures both to negate the impact of the intrusion and to make any future attempts much more difficult.
During the course of the breach the perpetrators saw usernames and encrypted passwords. While password encryption is a good security measure, given enough time and the right tools it's possible to break such encryption. While we have no evidence of a mass collection of passwords, we felt it appropriate to consider these passwords 'at risk' and initiated the process of having all passwords reset.
The timing of this attack is unfortunate in one other respect. The University is currently in the process of migrating email between systems. While this takes place we can't update email passwords. This means that for a short period the passwords for general IT access and email access will be out of sync. Once the migration is complete we will be able to automatically update your email password, but until that happens, you'll need to continue to use your old password to access email.
The management of these incidents is very difficult. There are a number of technical aspects that we need to carefully consider. These include trade-offs between highly secure responses and disruption to University business and, of course, the issue of trying to keep everyone informed. We acknowledge that some actions have been taken without the wide communication we would normally have desired. However, this has happened where the security risk in delaying an action was deemed unacceptable.
Please accept our apologies for any disruption or inconvenience you've experienced. While these steps are precautionary, we would strongly advise you, if you've not already done so, to take the following actions (and to do so regularly regardless of particular incidents):
- Update your anti-virus software and run a full scan on your PC
- Reset your ITS password
- Reset your password on any other systems that used your old ITS password (work or personal)
- Do not use the same password for multiple systems
You can find more advice on choosing a strong password on the information security webpages. To reset your password visit the change password webpage.