Newsroom

March 25, 2022, 10:55 a.m. (ITS page updated)

Okta has confirmed that Iowa State accounts were not affected as part of their security compromise. The ITS Security team also reviewed Okta account activity logs and also came to the same conclusion. The team has concluded its investigation into this incident and does not plan to provide any additional updates. 

March 23, 2022, 9:40 a.m. (ITS page updated)

Okta posted update on their website.

On December 13, 2020, the IT security team learned that one of Iowa State University’s software vendors, SolarWinds, experienced a security breach. It has been confirmed that Iowa State University was one of the estimated 18,000 customers affected by the SolarWinds security breach.

Some individuals on Iowa State University's campus have received an email from Box, saying they are using an outdated version of the application.

These emails are legitimate; as of Nov. 12, 2018, Box will stop supporting TLS 1.0. Older versions of Box applications, such as Box Drive, Box Tools, Box Edit, Box Sync, etc., will no longer work.

Box tracks which version of the application users employ and is sending out notifications to users still on the older versions, which will not be supported after Nov. 12.

An email-based extortion scam claiming possession of explicit personal information is circulating around Iowa State, and University account holders are encouraged to strengthen their security measures to prevent being targeted.

Several Iowa State University accounts were recently compromised and used to send emails to other members of the university community, asking them to visit various websites where they were prompted to enter Net-IDs and passwords.

The incident that took place throughout last week was a phishing attack, which is an attempt to obtain sensitive information such as usernames and passwords disguised as trustworthy electronic communication.