Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

A customer's password and BoilerKey PIN will become scrambled if our security team has reason to believe that their career account has been compromised.

In order to minimize the impact, ITaP Security and Policy immediately scrambles a customer's career account password and BoilerKey PIN in an effort to protect them and Purdue from an unauthorized individual accessing your information and systems that the customer is authorized to access.  This, unfortunately, will cause them to be unable to log in to any system which uses their Purdue career account.

One symptom the customer might see if their account has been compromised is suspicious email, or an increase in the amount of spam email that they receive prior to noticing that their career account no longer allows you to log in to any system.  


NOTE:  Once you have reestablished access to your account, please check and verify bank account information in SuccessFactors, forwards and rules in your email, etc. to confirm no changes were made to your information.


To Work This Type of Ticket

  • Apply the 'PM.CSC Steam Cirt' quick issue template to the FootPrints ticket
  • Change the 'User ID' field on the Contact Information tab in the ticket to the user ID of the account that has been scrambled. It will be listed in the ticket title and customer note.
  • Attempt to contact the customer first by phone, and then by email.  Phone numbers can be found in Footprints, the Directory, or found by a supervisor/specialist in Banner.  If leaving a message, ask the customer to call the CSC at (765) 494-4000 or come in person to the HSSE desk to verify their identity and have their password reset. 
  • If you are unable to reach faculty at their directory number, they might not have a direct line.  Try and contact the school's main office and see if you can leave them a message or get a cell phone number.


NOTE Reference the ticket number.
 

SCRIPT: 

"Our Security Team has determined that your account may be compromised.  They have scrambled your password in an attempt to minimize the impact that an unauthorized person has using your credentials to access your personal information as well as University systems you have access to.

We are attempting to determine possible causes of compromised Purdue career accounts.  We would greatly appreciate if you could take a few minutes of your time to answer the following questions regarding this incident."


Go to the Qualtrics survey at https://purdue.qualtrics.com/SE/?SID=SV_aWW1EAM5JujrKxD and read the questions to the customer.  Make sure to gather the customer's user name and put that in the survey when prompted.  

 

  • In the STEAM-CIRT ticket, note in the tech notes that you completed the survey for the customer.  
  • Follow normal password reset and BoilerKey procedures.

    NOTE:  Once you have reestablished access to your account, please check and verify bank account information in SuccessFactors, forwards and rules in your email, etc. to confirm no changes were made to your information.

  • Resolve the ticket.
  • No labels