The University of Maryland College Park (UMD) has announced a significant security incident regarding its email server, which has raised concerns about the safety of personally identifiable information (PII). This announcement, made in compliance with Maryland's state laws, was issued following the discovery of unauthorized access to administrator accounts associated with the National Socio-Environmental Synthesis Center (SESYNC).
"On March 7, 2025, UMD received notice that some administrator accounts within an obsolete, but still online, email server for SESYNC had been compromised," stated a UMD representative. This breach highlights the risks associated with keeping outdated systems operational as it involves data that could potentially cause harm to individuals.
"On March 7, 2025, UMD received notice that some administrator accounts within an obsolete, but still online, email server for SESYNC had been compromised,"
By the Numbers
An internal investigation revealed that attackers accessed the email server during December 2024, successfully downloading sensitive information. The compromised data includes names, social security numbers, passport numbers, credit card numbers, and bank account details of around 1,100 individuals.
Impact and Legacy
Impact and Legacy
Impact and Legacy
In response to this severe breach, UMD has proactively reached out to those impacted, offering assistance in the form of identity detection and resolution services in partnership with Experian at no cost to the individuals involved. "UMD has notified all impacted individuals and has partnered with Experian to make identity detection and resolution services available to those individuals at no charge," the university added.
"UMD has notified all impacted individuals and has partnered with Experian to make identity detection and resolution services available to those individuals at no charge,"
Furthermore, UMD took immediate action to inform the necessary authorities about the incident. "UMD has notified the FBI, all three of the United States’ credit agencies, and applicable state agencies of this incident," the university highlighted, underscoring its commitment to transparency and cooperation with law enforcement.
"UMD has notified the FBI, all three of the United States’ credit agencies, and applicable state agencies of this incident,"
To prevent the reoccurrence of such breaches, the email server has been permanently taken offline. UMD is also thoroughly reviewing its policies and procedures to enhance security measures within its systems. "The email server has been taken offline and UMD is reviewing its policies and procedures so that appropriate security measures are taken to prevent such an incident from occurring again," a spokesperson remarked.
"The email server has been taken offline and UMD is reviewing its policies and procedures so that appropriate security measures are taken to prevent such an incident from occurring again,"
Individuals who have not received any notification from UMD regarding this incident are reassured that their data was not affected. The university has also encouraged any individuals with questions or concerns to reach out via their dedicated email address at umd-privacy@umd.edu.
Looking Ahead
The breach serves as a crucial reminder of the importance of information security in academic institutions, especially those handling sensitive personal data. As universities increasingly rely on digital infrastructure, ensuring that systems are up-to-date and secure remains a top priority to protect the personal information of students, faculty, and staff. The University of Maryland’s response, while immediate and comprehensive, encapsulates the necessary steps institutions must take to safeguard against future incidents.
