We had a rough couple of days on the Macaulay websites!  I sent the letter below to the community today–but I thought I would post it here, too, in case anyone missed it.

To the Macaulay Community,

You may have noticed that on Monday and Tuesday of this week, some of the Macaulay websites were inaccessible or carried confusing warning messages in your browser.

The first thing we want you to know is that there was no compromise of your personal data at all.  No files were lost, none of your posts were deleted, all your work was safe and no unwanted software was installed on your computer.

Sometime overnight on Sunday, a malicious hacker attempted to insert a script (which would serve spam to anyone visiting the site) into our web server.  Google constantly combs sites to identify such malicious scripts, and that is why the warnings (which got picked up by most browsers) began on Monday morning.  In order to protect all visitors, we immediately disabled access to the site while we made absolutely sure that there was no security breach and that all possible vulnerabilities were, in fact, closed.

The process of meticulously checking everything on the site and then having Google certify that the site was completely clean took some time, and this meant that for most of Monday and some of Tuesday, our eportfolios, class websites, internship listings, event RSVP system, and other Macaulay-hosted services had to remain inaccessible. We are back up and running now.

Attacks like this are unfortunately one of the common dangers of the digital world these days–but all of our security measures were successful, and even though we experienced some inconvenience, we achieved our goal of protecting our students and all of our community.

If you have any questions or concerns, please feel free to email me at joseph.ugoretz@mhc.cuny.edu.