[BreachExchange] Eastern Maine Community College Data Breach Exposed 42000 Records

Destry Winant destry at riskbasedsecurity.com
Tue Aug 21 00:35:53 EDT 2018


https://latesthackingnews.com/2018/08/19/eastern-maine-community-college-data-breach-exposed-42000-records/

Continuing with the trail of data breaches at colleges and
universities, a recent attack has put 42,000 records at risk. The
Eastern Maine Community College suffered a malware attack targeting
several computers. As a result, around 42,000 records of former
students and employees were exposed in the EMCC data breach.

42K Records Exposed In EMCC Data Breach

Eastern Maine Community College suffered a malware attack resulting in
a compromise of records. The news surfaced online after officials
released a media statement on Friday, regarding the EMCC data breach.
Reportedly, the malware attack resulted in a breach of 42,000 records
of former students and faculty.

Explaining about the affected individuals, the college states, “The
group includes individuals who attended EMCC between summer 1998 and
summer 2018 or were employed by the college between 2008 and 2018.”

Supposedly, breached details include usernames, passwords, and email
addresses associated with the college domain. Although the college has
identified no direct loss of data, they still suspect the breached
records included personal information as well, such as the names,
contact addresses, dates of birth, and Social Security numbers.

EMOTET Attack Identified As Source Of Breach

According to the EMCC press release, the breach occurred as a result
of a malware attack. Allegedly, the malware infected several college
computers. The college suspects it to be EMOTET malware – a robust
modular banking Trojan classified among the “most costly and
destructive malware” by the US-CERT.

After noticing the incident, EMCC reported it to relevant law
enforcement authorities and has begun investigations. The college is
also employing measures to ensure the infection is removed from its
systems.

While announcing the data breach, Lisa Larson, President EMCC, says in
a statement,

“We very much regret the inconvenience or concern this incident may
cause. EMCC takes seriously the protection of personal information,
and our efforts to improve and strengthen our electronic security are
ongoing. Unfortunately, institutions of all kinds around the world are
increasingly subject to sophisticated and aggressive hacking tactics
such as the one involved in this incident.”

Besides, EMCC will begin notifying the 42,000 affectees “out of an
abundance of caution” via separate letters. Moreover, the college is
also offering free credit monitoring and identity restoration services
to the affected individuals.


More information about the BreachExchange mailing list