CPCC blames ransomware attack for shutdown, says no signs personal data at risk
Central Piedmont Community College said Friday that it experienced a ransomware attack this week, but currently there is no evidence that any employee or student personal data has been compromised.
CPCC remained closed on Friday as the technology interruption canceled all virtual events and most classes. All classes scheduled for the weekend have been canceled, unless instructors notified students otherwise, the school said in a tweet.
The attack was discovered Wednesday night between 10 and 10:30, according to a Charlotte-Mecklenburg police report. The college’s Information Technology Services staff worked through the night to take systems like phone and email off-line as a precautionary measure, CPCC spokesman Jeff Lowrance said.
CMPD’s Cyber Crimes unit is investigating the incident. CPCC also is working with federal and state agencies such as the FBI and the N.C. Department of Public Safety to determine the extent of the intrusion, how to restore the offline systems and whether any systems need to be rebuilt.
While phone, email and the Blackboard learning system have remained off-line, the college has been communicating with students and employees through text, voicemail, social media and its website, according to CPCC.
The school also set up a website for updates: https://www.cpcc.edu/technology-interruptions.
“At this time, it’s not clear when these and other off-line systems will be restored ... The process cannot be rushed,” the release stated.
“We are aware this outage might impact class assignment and deadlines,” CPCC said on its website. “Instructors understand that students cannot complete assignments without access to resources and will ensure students have adequate time when systems are back online.”
Record data breaches in NC in 2020
Ransomware is a form of malware that targets computer systems and encrypts files, rendering them unusable, according to the Cybersecurity & Infrastructure Security Agency. The “malicious actors” then demand ransom in exchange for decryption, CISA says.
According to the N.C. Department of Justice, the state experienced a record of 1,644 data breaches in 2020, a 36% increase from the record set in 2019. The figure includes 356 caused by ransomware. Nearly 1.2 million North Carolinians were affected by data breaches, according to the state report.
The CPCC incident is just the latest case in which a public entity or business in North Carolina has been affected by a hacking or ransomware attempt:
▪ Last October, Chatham County was hacked and “sensitive data files” were posted online, The Chatham News + Record reported.
▪ The city of Durham and Durham County found a malware attack in March of last year. No data was stolen or breached, according to the Raleigh News and Observer.
▪ Last summer, Atrium Health said a cyberattack against one of its vendors included a database breach of the Charlotte hospital system, and some personal information about patients may have been compromised. However, Atrium said no medical records or information about medications or test results were compromised and no credit card or bank account information was stolen.
▪ In December 2017, Mecklenburg County learned a foreign-based hacker gained access to at least one government employee’s network log-in during a ransomware attack. The cyberattack knocked multiple data servers and many public services offline and caused widespread outages across county systems, the Observer previously reported.
This story was originally published February 12, 2021 at 2:06 PM.
