Threat actors launched ransomware attacks against three U.S. colleges seizing the data on students applying for admission to the schools and demanded 1 Bitcoin or approximately $3,800 from students to retrieve their “entire admission file.”
Attackers targeted Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York to seize teacher recommendations, admissions department comments, and more, according to the Wall Street Journal.
The cyber criminals were able to access the information after phishing passwords from staff in order to gain access to the colleges’ networks and then to take control of the databases that held the student’s information.
Each of the colleges use Technosolutions’ Slate platform to manage their admissions process and the company’s CEO Alexander Clark told the Journal his company has been in contact with the three colleges and requested they “review the security practices of their single sign-on and password reset systems.”
The attacks may have been thwarted if the colleges had used two-factor authentication.
