FBI and NSA Security Alert: Your Home Router Might Be at Risk
April 14th, 2026

Post

 

Dear Colleagues,

The FBI and NSA have warned that a group of Russian hackers is breaking into home and small office Wi-Fi routers. In addition to weaponizing vulnerable routers in at least 23 states, they are also looking to steal passwords and sensitive information.

Why Does This Matter to You?

In addition to putting your personal information at risk, when you log into college email and accounts from your personal Wi-Fi, hackers can glean your login info from the compromised router. 

4 Simple Ways to Stay Safe

You don’t need to be a tech expert to implement any of these. All you have to do is perform a quick search on YouTube for your router’s brand. For example, “How to update TP-Link router”.

  1. Change the “Admin” Password: Most routers come with a generic password like “admin” or “password.” If you’ve never changed it, do it today.
  2. Update the Software: Just like your phone needs updates to stay secure, your router does too. Look for “Firmware Update” in your settings. If your router is very old (6+ years) or is no longer getting updates, it would be in your best interest to buy a new one or get a new one from your provider. 
  3. Turn Off “Remote Management”: This is a setting that lets people access your router from outside your house. Make sure this is turned OFF.
  4. Don’t Ignore Warnings: If your computer or phone pops up a message saying “This site is not secure” or mentions a “Certificate Error,” stop what you’re doing. It could mean someone is trying to mess with your connection.

Quick Reminders

  • Cybersecurity is a shared responsibility: Please report all suspicious activity and unauthorized access to computers, software, and websites to the Office of Information Security.
  • Protect your password: Administrative Procedure 3720 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not even ITS.

 

If you have any questions regarding this or any other previous advisory, please do not hesitate to email the Office of Information Security.