Pellissippi State Community College sent out a mass email notification Tuesday afternoon regarding a December attack on a database that put the personal and password information of current and former students, faculty and staff at risk.
The email was sent to everyone who could have been affected by the data breach, per information published on Pellissippi’s website.
As the school’s final exam period began, on the night of Dec. 5, attackers initiated a ransomware cyberattack on at least one of the community college’s internal systems. The attack lasted into the next morning. It left numerous students without access to on-campus internet and resulted in the school’s decision to push back the date for its spring semester entrance exams.
Pellissippi has confirmed that its active directory database — which contains information including the personal addresses of students and employees, as well as their college user account passwords — was compromised in the attack. Credit card information, stored in a different database, was not affected.
However, the school could not confirm that the active directory database was the only system to be breached. Pellissippi’s website currently provides links to free credit monitoring services.
The exposed user account passwords were masked using a hash algorithm, so cyberattackers would have to decipher them before they could be viewed.
The school noted that it would be possible for the attackers to access the passwords, given sufficient time.
In a phone conversation with The Daily Times, Julia Wood, executive director of marketing and communications for Pellissippi State, said that she could not say definitively whether the breach would affect students and employees who have not been associated with the school for years.
Wood noted that Pellissippi’s main database, which stores more of the information the school has collected regarding students and employees than the active directory does, was not breached during the attack, and that such information is unlikely to have been compromised.
Wood was not able to speak to specific steps Pellissippi is taking to strengthen its data security in the wake of the attack, as she said that cybercriminals might use such information in planning further attacks.
In addition to cooperating with law enforcement to assess the vulnerabilities that may have led to the breach, the school hired a cybersecurity firm to conduct a review of potential cyberthreats. Pellissippi will also conduct an after-action review of the incident to determine how to better avoid future breaches.