‘Cybersecurity incident’ impacts current, former student data


Leo Woods

The Sawyer computer lab

A “cybersecurity incident” discovered this past summer involving Suffolk University network data affected some current and former students, according to a Dec. 1 email sent to students from Suffolk President Marisa Kelly.

The “unauthorized actor” either accessed or obtained data from those affected. These students will be notified privately, according to the email.

“Persons whose data was impacted will receive an individualized notice in the mail in the coming days describing what type of data was impacted and resources to support you, including a call center to answer your questions about the cyber event,” Kelly said in the email.

In a separate email sent to faculty and staff obtained by The Suffolk Journal, Kelly noted the data involved pertains to certain students who enrolled in classes after June 2002. University employees were not affected by the incident, according to this email.

Suffolk discovered the incident this summer and has been investigating it since. There is currently no evidence that the data was used maliciously, according to the email, but Kelly encouraged the Suffolk community to take precautions, such as monitoring bank accounts and securing personal accounts and devices. The email said the unauthorized access to the network did not impact university operations.

“I wish impacted students knew their information was affected sooner. I think the school is being open with the students too late and could have handled the communication better,” said an anonymous student that was affected by the incident.

This incident was not unlike other cybersecurity issues affecting similar institutions, Kelly said. 

“Amid the challenges posed by the COVID-19 pandemic as institutions transitioned to remote work, cyber criminals have targeted higher education systems around the world. We are unfortunately just one of many colleges and universities to suffer a cybersecurity incident in recent years, and we are applying our analysis of this incident to further strengthen our robust cybersecurity measures,” the email sent to students said.

Suffolk has been very vague regarding the kind of information that the hacker gained access to when reaching out to students to inform them. 

“I feel their response has been pretty canned especially considering they won’t disclose when this information was actually accessed by the hacker. I think they could be more open with students,” said the anonymous student. 

Despite feelings of fear and disappointment, students affected by the breach appreciate the support and guidance provided by the university. 

“As a student, I feel as though there are so many things that the university has us do in order to protect our information. It is disheartening to put my personal information and trust into a university and have that information jeopardized. Although it is scary, I am grateful that the university was able to send me helpful resources in order to take the next step and try and protect my information,” another anonymous student said. 

Kelly apologized for the occurrence and said the university will continue working to enhance its cyber security.

“Suffolk University prioritizes the privacy and security of all our students, faculty, staff, and alumni. We take our responsibility to safeguard data with which we are entrusted very seriously,” Kelly said.

Students can access the call center from 8 a.m. to 5 p.m. on weekdays at 1-877-409-8111.

Sarah Roberts and Maren Halpin contributed to the reporting of this article.