It seems I missed an announcement that another North Carolina community college got hit with ransomware (or is this the mysterious listing I saw briefly on a dedicated leak site but it was gone before I could note the name and details?). In any event, on August 24, Piedmont Community College (PCC) in North Carolina reported that they had discovered what they described as a “cyber-incident.” The college took critical systems such as VPN access and other services offline by the end of that day.
On October 1, the college issued an update stating that they were continuing to work on repairing systems impacted by what they now labeled a ransomware attack. They make no mention, however, of any ransom demand, the type of ransomware, and whether they have a usable backup to restore from. Their update notes some help they were receiving:
We are grateful to legislative allocation of funds for Rural Broadband Access Funds that will enable us to purchase additional hardware and services as part of our overall restoration.
It is now two months since the attack. What do they know? Was any student or employee data accessed? Was any exfiltrated? What are they doing about protecting students and employees if there is a chance they are at risk? Are systems fully restored?
DataBreaches.net has reached out to PCC to ask for more information and will update this post if a response is received.
Update of October 29: Dr. Pamela Senegal, the President of PCC, responded to this site’s inquiries: “We are not interested in sharing the requested information with this site.”
Oh. Well who is PCC sharing it with? So far, it seems like they are not sharing it with stakeholders, as there is nothing on their site to inform current and former students and employees whether their personal information has been accessed or exfiltrated.
Dr. Senegal doesn’t want to share information with this site, but someone who describes themself as having knowledge of PCC claims that PCC had been warned that it wasn’t a matter of if [they would be hacked] but when:
“The PCC IT dept was ill prepared,” the individual, who asked to remain anonymous, wrote. “Backups and patching not kept up with. Backups on windows and Solaris based systems were compromised. Phone system was rolled back to an early August restore point. End users couldn’t access their voice mails or use phone features afterwards. Systems were down 4 weeks while everything was being rebuilt. Next 2 weeks saw incremental improvements.
PCC IT is understaffed and inexperienced. All experienced staff have left the school over the past 2 years…. They rely on one contractor to keep critical infrastructure running. 36-49 users have local admin rights to their computers.
The state has not commented what the malware was by name. Or its intrusion vector.
PCC has not been forthcoming to current or former students if their personal information was downloaded. Same for faculty and staff.
That PCC does not want to share information with the media or this site in particular is unfortunate. That they are allegedly not sharing vital information with those who may be directly impacted is troubling.
If anyone — including the threat actors — has further details on this incident that they are willing to share, please contact this site via e-mail to breaches[at]protonmail.ch or via Signal +1-516-776-7756.