Stanford's chief financial officer Randall Livingston said the school does "not yet know the scope of the intrusion."
This email was sent out to the Stanford community:
"Members of the Stanford Community:
Stanford is investigating an apparent breach of its information technology infrastructure similar to incidents reported in recent months by a range of companies and large organizations in the United States. We do not yet know the scope of the intrusion, but we are working closely with information security consultants and law enforcement to determine its source and impact. We are not aware at this time of any protected health information, personal financial information or Social Security numbers being compromised, and Stanford does not conduct classified research.
As a precautionary measure, we are asking all users of Stanford's computer system - that is, all those with a SUNet, or Stanford University Network, ID - to change their passwords. This may be done on the "Accounts" page of the Stanford website. (You can find the "Accounts" page by going directly to the main stanford.edu website.) Additional information is posted on that page verifying the nature of the issue and the University's request that passwords be updated. As we learn more about the incident, this process may need to be repeated.
Stanford treats information security with the utmost seriousness and is continually upgrading its defenses against cyberattacks. Like many institutions, it repels millions of attempted attacks on its information systems each day. In recent months, a range of large organizations have reported attacks involving their information systems. Preliminary indications are that the breach at Stanford bears many similarities to these incidents. We are unable to provide additional detail at this time, given the ongoing nature of the investigation and the importance of limiting any damage from the incursion. We will provide updates to users of our systems as more information becomes available."