A ransomware attack on Gaston College exposed highly sensitive personal information of the people affected, the college said in a statement.
The attack, which took place between Feb. 21 and Feb. 22, allowed an individual to access and expose information from Gaston College’s network. The information exposed varied by individual, but may have included the name, date of birth, Social Security number, driver’s license number, financial account information, medical information, student information, and employment information of people within the network, according to the college.
Threat Analyst Brett Callow with the cybersecurity company Emsisoft, which tracks ransomware incidents, said that the hacker made the files from Gaston College available online on both the Dark Web and the regular internet. He also said that Gaston College was not alone in being targeted. In 2023, there were 56 ransomware incidents involving U.S. post-secondary schools, and data was stolen in at least 50 of those incidents, Callow said.
Gaston College did not respond to a question about how far back it keeps records for students and faculty. In its statement, the college said that the college became aware of “suspicious activity” within its servers on Feb. 22.
“We immediately worked to secure and restore our systems and launched an investigation, with assistance from the North Carolina Joint Cybersecurity Task Force… and we further involved third-party cybersecurity specialists, in an effort to determine the nature and scope of the event,” the statement said. “Gaston College undertook a comprehensive programmatic and manual review of the involved files to determine the type of information contained within the files and to whom the information related. On July 10, 2023, Gaston College completed the review of the impacted data and then conducted an additional review of its files for contact information to notify potentially impacted individuals about the event.”