AU was hacked, and scammers reached out with multiple different approaches to reel students, faculty, and staff to click on.

The emails took different approaches for anyone to click, from selling musical instruments to a job as a professor’s assistant.

“Out of caution, we have asked a few people to change their passwords,” said Benjamin Schwartz, director of Infrastructure and Security at AU.

In total, there were three phishing campaigns by hackers, and 23,128 emails were generated. Microsoft removed all URL links in the emails, and all incidents were investigated.

“Therefore, the risk level was low,” said Schwartz

Within the three campaigns of the hackers, the issues were resolved from 8:30 a.m. to 12 p.m. on Sept. 22.

No AU assets were compromised during the hacking.

The phishing emails originated from an individual clicking on the links sent, and the address inside AU’s system was accessed to send more emails.

The emails started being sent on the evening of Sept. 21. and the morning of Sept. 22. and originated from a data center in South Dakota and Maryland, but the hackers are unknown.

“This is nothing new for universities and private businesses,” said Schwartz. “Whether we are on Google, Microsoft, or when using personal email accounts, everyone should be aware and familiar with phishing emails.”

The AU Information Technology Department encourages all faculty, staff, and students to review the portal announcement regarding phishing.

If anyone sees another phishing email, they can send it to [email protected] or call the IT Department.