Some payroll and student records breached You should be aware of a security breach for a limited number of North Dakota State University human resources/payroll records and student loan records of 57 North Dakota University System students. For about a two-week period, the records were vulnerable to unauthorized Internet access. The breach was not caused by a malicious attacker seeking the records. The student loan records are for NDUS students who have loans administered by the North Dakota Student Loan Service Center and whose last name begins with the letter “A”. The NDSU human resources and payroll records include public and private information, and appear to be records of individuals who left NDSU employment during 2005 and a portion of 2006. Individuals who are directly affected are being identified and will receive further information. The exact number of people affected is still being determined. The records were on computers owned and maintained by a third-party vendor under contract to archive electronic copies of paper documents. The records were subject to unauthorized access after computer maintenance was performed following a power surge that disrupted normal operations. The machines are undergoing forensic examination at NDSU to determine exactly what records were vulnerable and if they were accessed. Private information contained in portions of the database includes names, addresses, social security numbers, loan applications and other financial information. In addition to removing the computers from online access and notifying individuals directly affected, NDSU is reviewing procedures where private vendors have access to confidential information and the security measures those vendors undertake to protect the data. News such as this is never welcome, particularly when all the details are not yet available, but we wanted you to know about the matter as soon as possible. -- John Adams, NDSU vice president for business and finance.