IMPERIAL – Imperial Valley College on Thursday, Nov. 19, announced that the Aug. 6 ransomware attack does not appear to have resulted in the misuse of any personal information that might have been exposed.
The college also disclosed that the information potentially exposed might have included names and addresses along with either a Social Security number, tax identification number, financial account information, health information, and/or a username and password.
“(The Imperial Community College District) has identified no evidence that any sensitive information was accessed, viewed or downloaded, however, such actions cannot be ruled out,” according to the campus’ Nov. 19 statement.
While the Aug. 6 incident helped identify a specific weakness that has since been fixed, IVC acknowledged that its open nature and complex computing needs still makes it vulnerable to future threats and attacks.
In the wake of the criminal ransomware attack, the college has invested heavily in its technology to help protect it against future incidents, according to the college.
Those measures include the 24-hour monitoring of campus networks and information technology infrastructure, as well as the technology’s continuous assessment to identify any vulnerabilities that need to be addressed. The college is also working to purge old data and to encrypt all other data.
“These steps, in addition to individuals using strong passwords and two-factor authentication, are expected to reduce the likelihood of an incident like this occurring again,” according to the statement.
Further, rather than risk increased disruption to the campus community in the wake of the attack, IVC officials decided to work with its cyber insurance provider to pay $55,068 to the ransomware attacker.
“The decision to pay the ransom was made with students and employees in mind because it provided the fastest and most cost-effective resolution,” the college district stated. “It was also a proactive and preventive step to ensure information was not released on the internet.”
The campus’ investigation determined that an unknown source hacked an unspecified campus account that then provided access to district’s computer network.
At the time of the incident, the college’s IT department notified appropriate law enforcement entities, and engaged a third-party forensic company to investigate the cause and scope of the hack, which was identified as being a variant associated with Sodinokibi, a family of malware that attacks Windows-based systems.
The ransomware attack came 11 days before the start of the fall semester, rendering its servers temporarily inaccessible and prompting the semester’s start date to be delayed a week. Immediately following the incident, college servers had been isolated from the rest of the college and the internet.
“It was determined that approximately .09 percent of the data on the servers was affected by the attack,” IVC reported.
In contrast to the ransomware attack that impacted the county’s computer systems in April 2019, IVC did not rebuild its systems from the floor up. The college instead chose to have its IT department and consultants extensively reprogram the system, IVC previously reported.
The college had also taken measures to notify campus community members who may have potentially had their personal information accessed. It has recommended that individuals regularly review and monitor all account statements and credit history, and to report any suspicious or unusual activity to their financial institution.
Affected individuals have also been provided free credit monitoring.
To sign up for credit monitoring or place a 90-day security alert or credit freeze on a credit file, impacted individuals are urged to contact the dedicated call center at 855-914-4656, 6 a.m. to 6 p.m. Mondays through Fridays, Pacific Standard Time.
The same number can be called for additional information regarding the incident, or to determine whether an individual was potentially impacted.
In its Nov. 19 written statement, the Imperial Community College District provided a timeline of events that highlighted its response to the incident.
The ransomware investigation began Aug. 19, after primary systems were stabilized. The systems necessary to investigate potential data exfiltration were repaired and in place on Aug. 24. The suspect’s data files were turned over to the contracted consultant for inspection on Sept. 11.
The consultant provided IVC officials with a file on Oct. 16 that allowed the campus to begin processing notifications for those who were affected. On Nov. 3, those impacted individuals were notified.