North Dakota University System Data Breach (2013)

Core Technology Services, the information technology arm of the North Dakota University System, has discovered and shut down suspicious access to one of the university system's servers. An entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails. Unfortunately, personal information, such as names and Social Security numbers, was housed on that server. There is no evidence that the intruder accessed any of the personal information. Their breach involved a server accessed using compromised login accounts. No information has yet been released on how the account was taken over, but spearphishing is a likely candidate. The illicit access began in October 2013, and was discovered in early February. Public disclosure was not made until March 3rd.