A public community college in Missouri has become the latest victim of a phishing attack that targeted the personal information of over 5,000 college students and employees.
On Tuesday, Feb 4, St. Louis Community College announced it had been hit by a successful phishing campaign, which enabled cybercriminals to access the data stored in employee email accounts.
In a press release, the college explained that cybercriminals have launched “a series of email phishing attacks” targeting students and college employees, eventually resulting in the exposure of the personal details stored in the email accounts.
Among the details that were exposed include names, contact numbers, college email and personal email addresses, dates of birth, as well as home addresses. 71 people were also reported to have their Social Security numbers compromised.
“There was a phishing email sent,” said Nez Savala, St. Louis Community College’s communications manager. “About 20-some people fell for it and that gave whoever was on the other end access to information that was stored in their email which led to access to student and employee information.”
According to the college, the data breach was discovered on Jan. 13 after an employee clicked on an attachment from a suspicious email.
In response to the incident, the college is now in the works of notifying all affected individuals. College employees will also be taking on a training course that will teach them how to handle and share sensitive information.
As an explanation for their late action, the college pointed out that there are “several action steps needed to be taken” first.
“For example, the information needed to be collected and analyzed from multiple systems to identify all of the impacted individuals and ensure the accuracy of the information that was contained in employee email accounts,” the institution claimed.
Overall, officials admitted that it took them three weeks to fully understand what happened and to determine those who were affected by the incident.
"Colleges are well under attack. Criminals are very interested in getting our email addresses," said Chief Information Officer Keith Hacke. "They want to use those email addresses to get things at a discount that students get."
To date, the college promises that it will continue to investigate the incident and will soon implement a new security measure that would require students and employees to enter a code sent to their mobiles when attempting to access their emails.