On August 14, 2024, Colorado State University Pueblo experienced a cybersecurity event triggered by a social engineering attack that targeted university employees. This attack resulted in an unauthorized third party gaining access to an unprotected Excel spreadsheet. Fortunately, the incident was limited to this single document, which did not involve a breach of the university’s or the CSU System’s broader computer systems.
The compromised spreadsheet contained sensitive information, specifically the first and last names of affected individuals, their CSU ID numbers, and their current billing balances. Recognizing the potential impact of this data exposure, the university promptly informed affected individuals about the incident while emphasizing that no other personal data was included in the exposed file. The university’s communication aimed to raise awareness about the nature of the attack and encourage individuals to take precautions.
In its response, CSU Pueblo urged individuals to remain vigilant against identity theft and fraud. The university recommended monitoring financial account statements and reviewing free credit reports for any signs of suspicious activity. Additionally, it provided contact information for the financial aid and student billing offices, advising individuals to verify any unusual communications they might receive regarding their accounts.
To further assist affected individuals, CSU Pueblo emphasized the importance of safe online practices, advising them to avoid clicking on links that may lead to phishing attempts. Instead, individuals were encouraged to access their accounts directly through the university’s secure PAWS portal. The university also made its IT Help Desk available for any questions or concerns regarding data safety, ensuring that individuals had access to resources and support in the aftermath of the incident.
Reference:
