Data belonging to a California community college has been compromised in a “sophisticated” cyber-attack.
Threat actors struck the Ohlone Community College District (OCCD) network in Fremont on January 20 2022, disrupting access to certain files. School officials said the private information of some staff, faculty and current and former students, was compromised.
Social Security numbers, dates of birth, driver’s license numbers, US alien registration numbers, medical information and bank account details were among the information potentially compromised during the attack.
Other data that may impacted included health insurance information, student ID number, race/ethnicity, class list, course schedule, disciplinary file, grades, transcripts and/or IEP/504 plan information.
The online student portal was down for 17 days, and Ohlone College’s phone and email systems were knocked offline for 10 days. A separate student information system was also impacted.
Ohlone Community College District is a multi-campus single community college district located in the southern portion of the San Francisco Bay in California. Through its main campus in Fremont and its Center for Health Sciences and Technology in Newark, as well as online, OCCD serves around 16,000 students per year.
In a statement released February 4, superintendent/president of OCCD, Eric Bishop, said an unknown party had accessed “certain portions of our network” and that an investigation had been launched into the security incident.
“The college continues working with third-party specialists to investigate how this incident occurred and what impact it had on our systems,” said Bishop.
He added: “Although we have no evidence of misuse of information, we are proactively notifying individuals with information stored on our network.”
The college reported the incident to law enforcement and set up a dedicated assistance line to help individuals affected by the ransomware attack and subsequent data breach. OCCD said that it is offering data breach victims access to free credit monitoring and identity protection services.
Since falling prey to the cyber-attack, OCCD has taken action to improve its cybersecurity.
“In response to this incident, we changed account passwords and are implementing additional security measures. The college is also reviewing its policies and procedures related to network security,” said OCCD in a statement.