Michael Urbanec reports:
Illinois Valley Community College has sent out more than 160,000 letters to current and former students, faculty and applicants warning them that their data may have been compromised in connection with a data breach back in April.
This attack was originally noted on this site in April, but this site had followed up in September and had questioned whether the school should have been sending out notifications based on the Pysa ransomware threat actors’ claims and data dump on their dedicated leak site.
Cheryl Roelfsema, IVCC’s vice president for business services and finance, said that, as of now, the school is unaware of any incidents related to the data obtained from the breach.
“The bottom line is, when in doubt, that group was added to the list,” IVCC President Jerry Corcoran said. “We wanted to err on the side of having an abundance of caution to give everyone a heads up to be aware of the situation.”
Comment: An abundance of caution seems warranted when you don’t know what happened, but notification at the end of November seems to be a slow response when data was already in the wild by September, and possibly as early as April, and the school could not definitely confirm that no other data had been exfiltrated.
Read more on BCRnews.