KGUN 9NewsStatewide News


Maricopa Community Colleges says ‘no evidence’ of personal info breached in cyberattack

BBB warns of 'synthetic' identity theft that combines information from multiple people
Posted at 9:46 PM, Mar 22, 2021
and last updated 2021-03-23 00:46:50-04

Officials with the Maricopa County Community College District said on Monday that there is no evidence of any breach of sensitive student information after a cyberattack was discovered last week.

ABC15 followed up with school officials about their investigation into the early signs of a cyberattack that were discovered last week.

In a statement, a spokesperson wrote, “MCCCD already had a plan in place to quickly address potential network threats, which includes engaging forensic specialists to help us investigate the situation to understand what happened and if any information may be at risk. The investigation is still ongoing, however, there is no evidence of any breach of sensitive student information, such as social security numbers, educational information or financial data at this time. It’s also important to note that our student information system and our human resources management system are cloud-hosted applications and there is no impact to those systems.”

On Friday, officials said suspicious activity was identified on the network on Tuesday that "appears [to] be related to the early stages of a cyberattack."

As a result of the network outage, school officials said on Friday that they would have to add an extra week off to Spring Break for most classes.

In a statement Monday the Maricopa County Community College District says:

"MCCCD recognizes the impact and concerns these disruptions have on our students and employees. College leadership will work with faculty on implementing extensions, and any missed assignments or exams will be rescheduled.

Class instruction for all modalities will resume on March 29, 2021 (by individual exception some clinicals will resume as scheduled), and Spring semester will be extended one week to May 22, 2021."

A research-based cyber-security company found in 2020 that MCCCD had one of the largest known breaches.

Comparitech wrote about the largest education data breaches that they could find:

“According to our findings, there were 9 breaches that have affected half a million or more records. These are:

  • 2013, Maricopa County Community College District Data Breach = 2.49 million records affected: A number of databases were breached and the records of nearly 2.5 million students, graduates, and staff were made available on the internet. As previously mentioned, this breach came with a lot of controversy due to the length of time it took for those affected to be notified.
  • 2017, Harvard Computer Society = 1.4 million records affected: In this breach, over 1.4 million emails, which contained personal information of members of the Harvard Computer Society, were publicly available for a period of time.
  • 2019, Georgia Tech = 1.27 million records affected: A central database was hacked, potentially exposing the records of nearly 1.27 million students, faculty, and staff members.
  • 2017, Washington State University = 1.12 million records affected: Thieves broke into a storage locker and stole a safe. The safe contained a computer hard drive backup with over a million personal records, including social security numbers (SSNs).
  • 2006, University of California at Los Angeles = 800,000 records affected: Hackers gained access to the university’s database which contained personal details on numerous people, the majority of which included current and former students and student applications. Personal details included SSNs, home addresses, dates of birth, and contact information.
  • 2010, Ohio State University = 750,000 records affected: Unauthorized individuals managed to log onto the university’s server, gaining access to SSNs, date of births, addresses of current and former students, and details on staff and faculty members.
  • 2012, University of Nebraska = 654,000 records affected: Hackers may have gained access to a database that contained details on current students and alumni dating back as far as 1985.
  • 2019, Clark County School District = 559,487 records affected: As previously mentioned, this breach was part of the Pearson’s Education, Inc. data breach which affected numerous school districts.
  • 2018, San Diego Unified School District = 500,000 records affected: A phishing attack enabled hackers to gain access to the district’s central student database.”

MCCCD said in a statement that they’ve worked to identify cyber attacks, “Over the past several years, we have continued to invest in security tools and technology. These efforts allowed us to quickly identify early indicators of a cyberattack and immediately disconnect all systems from the internet. Although the forensic investigation is still ongoing, we are not seeing any breach of sensitive student information, such as social security numbers, educational information or financial data.”