Lansing Community College has finished an investigation into a cyberattack that hit it back in March, and confirmed that hundreds of thousands of people were affected.
The attack forced the university to temporarily suspend online courses and shut down its campus WiFi. Now, after contracting third-party cybersecurity investigators, Lansing has learned that more than 758,000 people had their names and Social Security numbers stolen as a result of the data breach.
Such information is online gold for cybercriminals, who can use it to impersonate people on the internet and commit fraud and other crimes.
Lansing confirmed that the threat actor or actors behind the attack likely had access to its internal computer systems between December 25th and March 15th. Affected individuals from Maine state, which imposes strict reporting requirements for data breaches concerning any of its residents, have been notified in writing.
All 138 victims from Maine have also been offered a year’s worth of free identity theft protection and credit monitoring services free of charge by way of compensation.
What is less clear is whether the other victims residing in different American states have been offered the same courtesy, or indeed why a university that has 19,000 students had data on so many people in the first place.
Cybernews understands that the high victim tally might be due to Lansing’s online students, who are not counted in the above figure, and possibly details of third-party contractors being stored on its systems.
In its letter to Maine residents, the college said that it had “no evidence of any identity theft or fraud in connection with this incident” but added that its “extensive review identified certain employee, student, and vendor information was present within the records” to which it suspects threat actors had access.
Lansing further adds that it has provided written notice of the incident to “relevant state regulators” and credit reporting agencies, Equifax, Experian, and TransUnion.
Community colleges in America appear to be increasingly a top choice of target for cybercriminals, who brought Northern Essex and Bristol, both in Massachusetts, to their knees in December and March respectively.
Your email address will not be published. Required fields are markedmarked