The University of Michigan (UMICH) has issued a warning to its staff and students, advising them to reset their account passwords due to a recent cyberattack.
In emails sent by the university’s CISO and CIO to the community, it is stated that password changes must be made by September 12.
If users fail to comply with this requirement, they will be unable to sign into their accounts until they go through the more complicated process of recovering a forgotten password.
Emails from UMICH CISO Sol Bermann and CIO Ravi Pendse emphasize the importance of security, stating that all community members on various campuses must change their passwords before September 12.
The university’s ITS Service Center (ITS) also highlights this mandatory change, warning that failure to change passwords will result in the inability to use UMICH passwords and services that rely on U-M Weblogin and U-M managed devices.
Guidelines for creating a secure password that meets the university’s complexity requirements are provided for community members to consult.
If users encounter any issues with the self-service password tool, they can find additional resources and contact information for UMICH’s ITS Service Center on the “Change Your UMICH Password” page.
On Tuesday, users attempting to change their passwords were alerted to the possibility of slower performance during sign-in or when using the account management app (this issue has since been resolved).
This warning comes after the University of Michigan announced on August 28 that it had taken all systems and services offline following a cybersecurity incident.
The university ensured that this action was taken to address the issue in the safest manner possible.
As a result, wired and WiFi campus internet connectivity, M-Pathways, eResearch, DART, and all systems used in the student registration process were affected.
Two days later, CIO Ravi Pendse and President Santa J. Ono confirmed that internet connectivity and WiFi had been restored across all UMICH campuses.
When approached for more information about the mandatory password resets, UMICH’s Director of Public Affairs declined to provide any details that could compromise the ongoing investigation.
Last month, Michigan State University also revealed that some third-party service providers had been impacted by data theft attacks, potentially exposing the data of MSU community members including students and retirees.
