[BreachExchange] Data breach at Ohlone College compromises students', staff personal information

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Feb 10 09:47:44 EST 2022 

https://www.ktvu.com/news/data-breach-at-ohlone-college-compromises-students-staff-personal-information

The Ohlone Community College District is confirming that many of its staff
and students are getting assistance in case identity thieves and other
criminals try to take advantage of them following a data breach.

Since January 20, the District says it has "experienced a network
disruption" that does not allow access to certain files on its network. In
other words, it appears that Ohlone was hacked and the data of current and
former students and staff was compromised.

That includes massive amounts of personal information, which likely
includes names, date of birth, student ID numbers, Social Security numbers,
U.S. alien registration number, race and ethnicity, driver’s license
numbers, financial account numbers, routing numbers, financial institution
name, medical information, health insurance information, class list, course
schedule, grades, transcripts and disciplinary files.

This is pretty much everything required to steal someone's identity and
commit everything from financial fraud to out-and-out extortion.

Off camera, a student confirmed that there is an ongoing problem not yet
resolved. Averroes High School, is a partner with Ohlone College. "We also
enroll in college classes here. So we would like go to our classes would be
like, 'our WiFi is out.' So, Ohlone classes were canceled for like a week
or two weeks I think," said Averroes High School Student Safa Mohamme

It's been a long haul hack requiring students using their own phones to do
internet research. "It's been a couple weeks and, you know, we're not able
to like access anything. We go to school. We access the hotspots," said Ms.
Mohamme.

The Ohlone District says, though it has "no evidence of misuse of
information, in an abundance of caution, we are offering potentially
impacted individuals access to free credit monitoring and identity
protection services."

"I hope that our passwords and encryption are good enough. But, my mom has
been getting stuff about her credit cards. She had a Walmart transaction
that she never did and it's making me think maybe that's the reason," said
Mohamme.

The College did say that a ransom demand was made, but no ransom was paid.
Police and cyber experts are assisting the college.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220210/c8bbb6f3/attachment.html>

More information about the BreachExchange mailing list