Server Security Incident

September 7, 2021

SCSU Server Security Incident

Due to a recently discovered unauthorized access to St. Cloud State University servers, StarID passwords for all campus members will be set to expire this week. Students, faculty, staff and emeriti will receive an emailed campus communication with directions on how and when to change the StarID password. If a password is not reset within 72 hours of receipt of that email, the password will expire. An expired password will require a reset to access any services requiring a StarID login.

St. Cloud State University is taking this step as a precautionary measure because an unknown party gained unauthorized access to university servers. The affected servers contain mostly public information on faculty and staff and non-sensitive but private student data.  Information about faculty and staff that may have been accessed includes first and last name, preferred first and last name, StarID and encrypted password, and Outlook 365 group memberships. In addition, if you provided a personal phone number, address or photograph in Outlook’s address book, that information may have been accessible. No faculty, staff or student financial information, medical information, social security numbers, grades or academic records were stored on these servers or were accessed.  St. Cloud State worked with forensic experts to terminate the unknown access to the affected servers as of August 31, 2021.  

St. Cloud State University is fully committed to protecting the security of our data and the privacy of our students, our faculty, and our staff. We make every effort to protect private data and to be transparent in our actions. A final report will be available at the conclusion of the investigation of this incident. St. Cloud State University regrets this incident and the inconvenience it causes.

If you have further questions related to this incident, please contact the Office of University Communications, ucomm@stcloudstate.edu, 320.308.2104.