An investigation involving the access of Mississippi State University records is now centering around a former MSU student suspected of the crime.
MSU Chief Communications Officer Sid Salter said the investigation began in December, and a search warrant was recently executed at the suspect’s residence. Local, state and federal law enforcement agencies served the search warrant last week at the Garden Homes of Highlands Plantation.
“At the time the warrant was served, there was a seizure of records, computer hard drives, things of that nature,” Salter said.
Salter did not say passwords were stolen, only there was “unauthorized access to university records.”
Salter said the data breach is serious, but it is not disastrous.
“This is a serious breach, but it is not a catastrophic breach, and I think some of the news media accounts have been a bit sensational,” Salter said.
Salter said the university is being careful of the information it releases at this point in order to protect the rights of the individual suspected, who has not been arrested and is not currently in custody. The identity and gender of the suspect have not been released.
Salter said the individual has not been affiliated with the university since December, but he did not confirm whether the student graduated or was expelled.
Salter also said a great deal of forensic work remains to be completed in the case in order to determine the scope of the crime and those who are directly impacted. He said the forensic work could take up to three weeks to be completed. Prosecutors have not determined charges for the suspect at this time.
MSU’s police department leads the investigation, but federal, state and local law enforcement agencies are assisting.
According to Whit Waide, an assistant clinical professor of political science and public administration, computer crime can be prosecuted by both the federal and state governments.
Mississippi Code 97-45-5 states using or disclosing codes, passwords, a computer system, a computer network or computer services to another person without consent is committing an offense against computer users.
United States Code, Section 1030(a) states whoever “intentionally accesses a computer without authorization” and obtains information from any “protected computer,” can either face a misdemeanor or felony, depending on the “aggravating factors.”
“The federal government has a law called the Computer Fraud and Abuse Act, which deals with a variety of computer crimes,” Waide said. “This law seems to be specific to federal government computers, but I believe the judiciary has interpreted a ‘protected computer’ to mean anybody who uses the Internet in committing a computer crime as sufficient to be potentially prosecuted under federal law. The law specifies government computers and those of financial institutions, as well as ‘protected computers’ as being covered under the law.”
Although the suspect has not been charged with any crimes, Salter said the investigation is important to the university, and it will take action to “get to the bottom of it.”
“Something we owe to the university community is to follow as far as the evidence leads, and we will do that,” Salter said.