alphv attacks Phillips Community College

Incident Date:

February 19, 2022

World map



alphv attacks Phillips Community College


Phillips Community College




Helena, USA

Arizona, USA

First Reported

February 19, 2022

Phillips Community College of the University of Arkansas Suffers Ransomware Attack

Phillips Community College of the University of Arkansas (PCCUA) has fallen victim to a ransomware attack orchestrated by the group ALPHV, leading to the unauthorized disclosure of sensitive data on the dark web. As an institution within the Education sector, PCCUA operates across multiple campuses located in Helena West-Helena, DeWitt, and Stuttgart, upholding its mission to deliver high-quality, accessible educational opportunities.

PCCUA, a multi-campus, two-year college, plays a pivotal role in serving the communities of Eastern Arkansas. The college has garnered recognition for its dedication to student success, evidenced by its invitation to join the Higher Learning Commission’s Open Pathway Construction Project, an innovative model for accreditation.

While the specific vulnerabilities exploited in the attack were not disclosed, the incident underscores a growing trend of ransomware campaigns targeting educational institutions. In 2022 alone, at least 24 U.S. colleges and universities experienced similar cybersecurity breaches. The ALPHV group, known for its aggressive tactics, has claimed responsibility for exfiltrating a database containing phone numbers, email addresses, among other sensitive information from PCCUA. This group has also been linked to attacks on other educational entities, including Florida International University.

This incident at PCCUA is indicative of a broader pattern of increased ransomware activity against educational institutions, with at least 37 attacks reported in the sector through March 2022. The FBI has highlighted the proliferation of Russian cybercrime forums that actively trade network credentials and virtual private network accesses belonging to employees of U.S. colleges and universities.

As of now, PCCUA has not issued a statement regarding the breach or the subsequent data leak. The investigation is actively ongoing, and further details will be disclosed as they become available.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.