Phishing attack exposes personal information of 5,000

St. Louis Community College, a four-campus system with more than 50,000 students, announced Tuesday that a successful phishing campaign last month compromised the personal information of more than 5,000 students and employees.

The college issued a notice that “a series of email phishing attacks” discovered on Jan. 13 resulted in the exposure of names, student ID numbers, dates of birth, addresses, home phone numbers, cell phone numbers, and college and personal email addresses for 5,127 people. Of those affected, 71 also had their Social Security numbers compromised.

“There was a phishing email sent,” said Nez Savala, the college’s communications manager. “About 20-some people fell for it and that gave whoever was on the other end access to information that was stored in their email which led to access to student and employee information.”

Those who clicked on the phishing links will be retrained on how to identify suspicious emails, a training session that all staff currently undergo annually, Savala said. Additionally, she said, all staff will be trained within the next 30 days on how to handle and share sensitive information.

Unfortunately for the college, the attacks came as it implementing multi-factor authentication for its email platform, a measure that may have prevented exposure of personal information. That functionality, however, was not launched until Jan. 31, Savala said.

To respond to the incident, the school notified those affected by email and traditional mail, set up a call centre to field questions and offered free credit monitoring to those whose Social Security information has been exposed.

To explain the delay between identifying the incident on Jan. 13 and its public notice on Feb. 4, the college explained that first “several action steps needed to be taken.”

“For example, the information needed to be collected and analyzed from multiple systems to identify all of the impacted individuals and ensure the accuracy of the information that was contained in employee email accounts,” the notice states.

The college reports it’s notified the Department of Education’s Office of Inspector General and the Family Policy Compliance Office and that it will continue to investigate the incident.

Phishing emails are a common attack vector in K-12 and higher education institutions. A similar scam, called a business email compromise, resulted last month in the theft of $2.3 million at a K-12 district in Texas.

Source: https://edscoop.com/phishing-attack-exposes-personal-information-of-5000-at-community-college/

Want to get the best solution for your business?

At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch.

If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.