Cyber Incident Victim: North Dakota State College of Science

In September 2014, North Dakota State College of Science (NDSCS) discovered malware on multiple computers at its Wahpeton and Fargo campuses that stored sensitive personal information. The malware was identified on September 1, with forensic analysis indicating it had been present since mid-August 2014. These compromised systems contained names, mailing addresses, and Social Security numbers belonging to more than 15,000 current and former students and employees. While the institution found no evidence that attackers accessed or misused the stored data, the presence of malware created significant exposure risks given the sensitivity of the compromised identifiers. NDSCS secured all affected computers following the discovery to prevent further unauthorized activity.

NDSCS initiated multiple containment and remediation measures in response to the incident. The college updated administrative system login credentials, deployed additional monitoring and scanning software across individual devices and servers, and began implementing encryption protocols for files on employee computers. An external audit of all institutional technology systems was commissioned to evaluate security postures. All impacted individuals received direct notification of the breach and were offered complimentary identity protection services for one year. Chief Information Officer Cloy Tobola emphasized in public statements that investigators found no indication of actual data exfiltration or misuse, characterizing the malware's likely purpose as a platform for launching attacks against external systems rather than targeting NDSCS data directly. The college maintained this position throughout its communications while acknowledging the inherent risks posed by the prolonged presence of malware on systems housing sensitive records.