The following email was sent after the Quest alerted the IT department that our coverage of this issue would be published on Friday, September 29. That coverage is now live on our website.
Subject Line: Reed ID vulnerability background
From: Valerie Moreno, Chief Information & Security Officer
September 28, 2023
Dear Reed community,
I’m writing to provide an update on a cybersecurity issue addressed by Reed IT last spring.
In April, one of our IT student workers discovered unique ID numbers displayed within the URL string of a directory web search within IRIS. With a directory ID number and the purchase of a swipe device (similar to what is used for hotel key cards), one can leverage this information to clone a Reed ID so long as they also have the IT programming skills, access to unique ID numbers, and access to additional swipe cards to clone. We have addressed this vulnerability, and no one’s personal identity was compromised or is at risk.
Recently, we were also informed that a secondary vulnerability was discovered related to the mag swipe data on Reed ID’s that can be re-engineered using a known algorithm. We are coordinating a plan of action to address this issue.
Our practice is to address cybersecurity issues when they are presented to our IT teams. This usually happens by utilizing CVE reports, with continual scanning & patching of our IT environment and by individual discovery. New issues around Reed ID numbers may emerge in the future, and we will address them should they arise.
Cybersecurity work is dynamic and ever-evolving. We live in a digital age where with the right skills and pertinent information, all technology systems within and outside of Reed College are susceptible to hacking.
I am incredibly proud of our Reed IT staff who work tirelessly to respond with urgency to all requests that present themselves and send a thank you to our IT student worker who had the time to wonder and to explore.
This is a good time to remind our community if your ID is lost or stolen, please immediately report back to community safety to ensure your ID is disabled and a new one is issued.
Chief Information & Security Officer