The University of Virginia has brought the secure area of its website back online after completing a security upgrade over the weekend, two days after the school took the site down and notified students that it had been hacked in June by someone in China.
The university said federal officials notified them of the breach this summer and confirmed it on June 11. However, the university also said the attack had been directed at two employees, and that personal information on students had not been violated.
“Our forensic investigation has indicated that no personally identifiable information — such as Social Security numbers and banking information — or personal health information was accessed,” UVA said in a press release.
It is the third time in recent memory that a university has been hacked by perpetrators based in China.
The Federal Bureau of Investigation discovered in October 2014 that Chinese hackers had been accessing Penn State’s College of Engineering data for up to two years in what Penn State President Eric Barron called “an advanced attack” by “very sophisticated threat actors.”
The second incident was made public last month, when the University of Connecticut announced that its engineering department had been breached beginning as early as September 2013. According to school spokesman Tom Breen, officials determined that the hackers were based in China “based on the type of cyberattack that was launched, and the software used.” That incident resulted in credit card and Social Security information being stolen from more than 6,000 students.
China is quickly gaining a reputation as one of the largest purveyors of cyberattacks in the world. National Intelligence Director James Clapper called China the “leading suspect” behind the Office of Personnel Management breach announced this year.
Akamai, a technology company headquartered in Massachusetts, estimates that by one metric — distributed denial-of-service attacks, which are intended to shut down websites — China was responsible for 37 percent of intrusions in the second quarter of 2015. The U.S. came in second at 17 percent, while the United Kingdom came in third at 10 percent.
UVA contracted Mandiant, a cybersecurity firm known for working to protect companies from Chinese hackers, to assist with its system enhancements. The company published a report in 2013 suggesting that China’s People’s Liberation Army was responsible for most of the cybercrime taking place around the globe, calling it “one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen.”
