Napa Valley College Suffers Ransomware Attack

Napa Valley College, a community college in Northern California, has been battling a ransomware attack for over two weeks. The attack, which was first detected on June 10, 2022, disrupted the college's website and network systems, causing a possible data breach. The college's website remains offline, and many of its services, including employee email accounts and phone systems, are still unavailable.

The college, operating within the Education sector, has engaged with the U.S. Secret Service, Department of Homeland Security, and a cybersecurity firm to mitigate the attack's impact. Approximately 8,000 individuals associated with the college were notified of a potential data breach. The compromised information may include first and last names, Social Security numbers, and other sensitive data elements.

Despite historically underinvesting in IT, Napa Valley College had initiated upgrades to its IT infrastructure when the attack occurred. The timing was particularly challenging for the state's newly appointed interim IT director, Daniel Vega, who took office just a day before the attack commenced. In response, the college has implemented workaround solutions to continue serving students, such as hosting in-person events for class registration and conducting Zoom Q&A sessions for enrollment and financial aid inquiries.

The ransomware attack has hindered the college's ability to distribute transcripts and financial aid payments promptly. However, physical transcripts have been mailed to those who requested them, and digital copies are being distributed as well. Despite these challenges, the college has maintained its schedule of online and in-person summer session classes.

In efforts to bolster network security and prevent future attacks, Napa Valley College has taken significant steps to enhance its cybersecurity posture. The California Department of Education has expressed satisfaction with the college's response to the incident. Additionally, the college has proactively notified all potentially impacted individuals as a precautionary measure.

This incident is indicative of a broader trend affecting the higher education sector, with 64% of institutions globally reporting ransomware attacks last year. Several other community colleges have also experienced similar cybersecurity challenges in the recent past.

Sources

• Napa Valley College Recovering After June Ransomware Attack
• Ransomware attack caused ongoing Napa Valley College internet and phone system outage
• Napa Valley College Alerts 8,000 About Possible Data Breach