Several employees fell for a phishing scam that compromised students’ personal information. The phishing scam, which took place on January 13th, happened just weeks before the school implemented 2-factor authentication on January 31st. If this effective defensive measure was in place sooner, hackers would not have been able to access employee accounts, even after they provided their credentials on a phishing form. In response, the college is retraining employees who clicked on a phishing email, and they are updating their procedures to prevent a similar event in the future.
Students’ personal data was compromised in the breach, including names, ID numbers, dates of birth, addresses, phone numbers, and email addresses. In addition, 71 students had their Social Security numbers stolen. This information can be used to execute identity fraud or to target victims with spear phishing campaigns that could provide hackers with even more damaging personal data.