IWU Data Security Incident

Indiana Wesleyan University (IWU) understands the importance of protecting the information of its students, faculty, and staff. We recently learned of an incident involving access to two IWU email accounts. This message explains what occurred and the steps IWU has taken in response.

IWU learned on November 24, 2019 an unknown person used the IWU password reset portal to reset the email account passwords of Dr. Wright and Dr. Hammons, our President and Provost. The person logged-in to both email accounts and the IWU portal.  The person then sent an email to both accounts disclosing the access and asking for money. We immediately started an investigation and a leading computer security firm was engaged. We have notified law enforcement and will support the effort to find the person who accessed the accounts.

The information that was visible in the IWU portal did not contain financial account numbers or Social Security numbers.  However, directory information of our faculty, staff, and students and unofficial transcript information was accessible. The investigation is ongoing, but a review of the logs does not show any indication that student transcript data was accessed. We have disabled the password reset portal.  We are working diligently with our external partners to assure a comprehensive investigation is completed. We are also accelerating the timing of a project that was already under way to enable multifactor authentication for email accounts for employees.

IWU regrets that this occurred and apologizes for any inconvenience. If you have further questions, please email incidentresponse@indwes.edu.

Last Updated: November 25, 2019