Lessons Learned: Community College Hit by Hackers

More than $800,000 was stolen in a hack of the banking account information at Cape Cod Community College in Massachusetts, showing yet again that data breaches happen to businesses of all sizes, not just large enterprises. 

On Friday, Dec. 7, school president John Cox informed faculty and staff of the breach, saying that many computers in the Nickerson Administration Building were hit with a phishing attack that used malware to infiltrate the school's accounts. The malware was used to steal banking information and transfer money away from the institution.

According to the Boston Globe, the school has recovered about $300,000 of the funds, working with TD Bank and law enforcement officials. Other attacks on the school's network have been prevented by school officials, who have also replaced all infected hard drives from the breach.

The attack started with an Internet outage that the school believed was an issue with its provider. 

To protect against future attacks, "Four C's" is working with local and national law enforcement to trace the roots of the attack, upgrading security measures campus-wide, and offering more training to employees on what to look for in a hack.

"This attack on our College’s security demonstrates the power and danger of modern cybercrime," Cox wrote to faculty and staff. "Despite ongoing cyber security training and continuous upgrades to the College’s network security, those with the power to execute a sophisticated malware attack found a way to do so."

Cox's email states that no personally identifiable information or records were impacted and all financial services are still fully operations.

Data breaches come in many forms, with some recent attacks using phishing, password reuse, and database hacking. Over the past month, large companies have been hit, affecting millions of users, but small businesses and even colleges are under constant threat of breach. If your business hasn't had a cyber security assessment or audit recently and uses the Internet, you are susceptible to an attack. 

Consider a SRVA by Archetype SC, which includes an internal scan on-site, a qualitative assessment of security practices, and an external scan from our offices. A deliverable report highlighting critical vulnerabilities will be provided to you, with a remediation plan to remedy any gaps uncovered in your security efforts. 

Email srva@archetypesc.com to schedule your assessment.