Augustana College Hit By Ransomware Attack

May 13, 2019

Example source code of ransomware
Credit Christiaan Colen / Creative Commons

Some students, staff, and alumni of Augustana College in Rock Island have had their social security numbers and dates of birth stolen, after one of the college's servers was hacked in February.

Ten students, graduates, and employees of Augustana told WVIK they recently received a letter from Augustana notifying them of a ransomware attack on the college that Augustana discovered "on or about February 18, 2019."

Ransomware is a type of computer virus that is used to extort money. A hacker with ransomware can block access to a victim's computer or server, threatening to reveal the stored data unless a ransom is paid.

A spokeswoman for Augustana declined to answer questions from WVIK, including how many people were affected by the ransomware attack, whether the college paid a ransom to the hacker, and why it took the college more than a month to notify affected individuals after the college confirmed April 1 that the hacked server contained social security numbers and dates of birth.

The college issued this written statement to WVIK:

Augustana is committed to maintaining a secure computing environment and preserving the confidentiality of our electronic information. We are partnered with external agencies and are following their guidance. We have taken swift, comprehensive action and will continue to review and improve our security procedures to ensure that personal information is protected. Augustana currently has no evidence of attempted or actual misuse of this information. Only those that were impacted have been notified. If people have questions, please direct them to call the free assistance line at 855-662-8108.

Many of the students and alumni say their letter was mailed to their parents' address rather than their current address, causing delays in their awareness of the security breach.

An alumnus of Augustana provided WVIK with their later, dated May 7, 2019, and attributed to Augustana Chief Financial Officer Kirk Anderson. The letter reads:

Dear [Recipient's Name]:

Augustana College ("Augustana"), recently discovered an incident that may affect the security of your personal information. We want to provide you with information about the incident, steps we are taking in response, and steps you can take to better protect against the possibility of identity theft and fraud, should you feel it is appropriate.

What happened? On or about February 18, 2019, Augustana discovered a ransomware attack opon one of its servers. Augustana immediately launched an internal investigation and engaged the assistance of third-party forensic investigators. Through this investigation, on or about March 18, 2019, Augustana confirmed there was unauthorized access to one of its servers.

What information was involved? On or about April 1, 2019, after a thorough review process conducted by external forensic investigators, Augustana confirmed the impacted server contained the following personal information related to you: Social Security number and date of birth. Augustana currently has no evidence of attempted or actual misuse of this information.

What are we doing? We take this incident and the security of your personal information seriously. Augustana identified and mitigated the incident by immediately taking the affected server offline and moving the stored information onto other servers. We have been working with third party vendors to enhance the existing security systems in place and to guard against future attacks of this nature. We also are exploring how we can continue to enhance the security of our systems, including providing additional training to users on how to identify malicious links. We are providing you with information you can use to better protect yourself against identity theft and fraud, as well as access to 24 months of complimentary credit monitoring and identity restoration services with Experian. Instructions for enrolling in the credit monitoring services, as well as additional information on how to better protect against identity theft or fraud, are included in the attachedĀ Privacy Safeguards.

What can you do? Review theĀ Privacy Safeguards for additional information on how to better protect against identity theft and fraud. Enroll to receive the complimentary credit monitoring and identity restoration services described above.

For more information. We understand you may have questions that are not addressed in this notice. You can call our toll-free dedicated assistance line at 855-662-8108. This free line is available Monday through Friday from 6:00 a.m. - 6:00 p.m. PST, and Saturday and Sunday 8:00 a.m. - 5:00 p.m. PST excluding major national holidays. We apologize for any inconvenience or concern this incident causes you.

Sincerely,

Kirk Anderson

Business Officer

According to an analysis conducted in 2016 by the cybersecurity ratings company BitSight, educational organizations are more likely to be hit by ramsomware attacks than organizations and agencies in energy/utilities, finance, government, healthcare, and retail. The analysis states that educational organizations tend to have tighter budgetary constraints, smaller IT teams, and more frequent file sharing than other industries, all of which could account for the higher incidence of ransomware attacks.

According to the FBI, ransomware hackers commonly demand payment in the form of digital currency, such as cryptocurrency, which is harder for law enforcement to trace back to the hacker than if payment is made in cash. The FBI advises victims against paying ransoms, as there is no guarantee upon payment that the data will not be leaked.