Another student arrested in connection to JSU data breach

Another student arrested in connection to JSU data breach
JSU. Source: Dixon Hayes/WBRC
JSU. Source: Dixon Hayes/WBRC
JSU. Source: Dixon Hayes/WBRC
JSU. Source: Dixon Hayes/WBRC

JACKSONVILLE, AL (WBRC) - Another student has been arrested in connection to a data breach at JSU, the university announced on Facebook on Monday.

The university said the investigation is continuing and more details will be released when available.

A juvenile JSU student was arrested last week and others were questioned in connection to a data breach at the university, according to JSU's Public Relations Director, Buffy Lockette.

So far there are no charges in the incident and the original suspect's identity isn't being released because the suspect is a juvenile. That suspect is being detained by the Coosa Valley Regional Detention Center.

Students' and faculty members' phone numbers, birth dates, hometowns and even their ID photos, became public online. Those impacted by this security violation include students who have been accepted for admission.

Students were told to immediately change their passwords and log-in information on the school's website.

Late Wednesday afternoon, a university spokeswoman said the incident was not an outside hacking, but an internal breach of what they called a "peripheral system with limited information."

Some students are expressing shock and even anger.

"I typed in my student number and didn't find it, but then I typed in my first name, and it pulled up my picture that's up on my student ID, my birthday, my student number. I mean, it's kind of scary thinking someone can get in and get all of that information," JSU senior Brittani Studdard said.

"To find out someone's being arrested and questioned, really makes me feel a lot better about it," Studdard added.

Vinson Houston, Vice President for Information Technology, said in an email to students that the university places high priority on JSU's internet security and protection of student data, and will do what is necessary to address the issue.

According to the website, the suspected hacker lives in Russia, the VPS is in Bulgaria, and the domain is in Switzerland.

The website states it was made to bring awareness to JSU's information security problems.

"I understand the idea of trying to raise awareness that there is a problem, with how secure our info is, but this is not the right way to do it, by making it public and more easy to access," JSU junior Christopher Kiser said.

The suspected hacker has updated the site to where students' street address are no longer visible but their city and state is still listed.

"We're very scared, and just really...terrified over what's going on with it. And we're just getting no response,"  Kiser said. "We have members of our faculty who are making lighthearted jokes about it on Facebook, saying that, 'Oh well, it's going to be out there, it's information, what do you expect?' We expect you to keep it safe. We're paying money for you to protect us, and to help us get this education."

JSU's internal investigation has not confirmed social security numbers, credit cards or any other bank information.

Copyright 2016 WBRC. All rights reserved. WAFF contributed to this report.