A data breach at Guilford Technical Community College last month affected thousands of current and former students, DataBreaches.net reportedIn just one file alone, DataBreaches.net found personal information of 43,000 students, including their names, Social Security numbers, and phone numbers.

The North Carolina community college was crippled by a ransomware cyberattack in mid-September, in which a hacker got unauthorized access to the school’s computer systems.

The college has since reached out to students, faculty, and staff members who may have been impacted, and will offer credit monitoring and identity restoration services for one year following the incident.

Associated Press reported that while the college did not comment extensively “due to the ongoing nature of this investigation,” it is currently investigating the cyberattack with the assistance of cybersecurity experts, state agencies, and the FBI. 

Rise in Ransomware Cases

Research indicates that the education sector is one of the least-prepared industries to fend off cyberattacks. In 2019, 89 US universities, colleges, and school districts fell victim to these attacks, followed by at least 30 in the first five months of 2020. 

Universities are bound to contain confidential information about their students, research, patents, and other types of intellectual property data. Since email addresses and other information are readily available, cybercriminals often exploit this opening to send phishing emails.

One particular form of ransomware, the NetWalker, hit three colleges around the United States this year: Michigan State University, Columbia College Chicago, and the University of California in San Francisco. The hackers threatened to publish all their stolen student, personnel, and financial records if the institutions would not pay within seven days. 

NetWalker creators distribute the ransomware through phishing and spam, as well as other large-scale network infiltration methods like hacking unsecured wireless devices connected to WiFi networks. Once it manages to penetrate a network, it is immune to antivirus software.