Montgomery College (MC) in Maryland issued a memorandum to students and staff members yesterday acknowledging that the school lost $2.8 million in a 2019 cybersecurity attack when an intrusion allowed for money to be stolen and placed in a fraudulent bank account.
The report also outlined additional details of the crime, the financial auditor’s findings, and control measures taken by the college to deal with the incident.
In September 2019, MC announced that it had fallen victim to a cyberfraud scheme, but released few other details, citing an ongoing investigation.
Director of media and public relations Marcus Rosano assured at the time that no personal information from students or staff was compromised.
In a press release, the college said that was been to recover $1.1 million — 39 percent of the original loss. The credit goes to college authorities who quickly took action after the incident. They performed a thorough internal investigation and worked closely with law enforcement agencies, banking partners, and Montgomery County’s inspector general.
The net loss — $1.7 million — is 0.5 percent of the college’s 2020 fiscal year budget. This will not affect the college’s ability to continue standard operations.
MC is “still hoping to recover more of the stolen funds through ongoing investigations. Given MC’s strong fiscal stewardship, it is able to manage this loss within the budget and will not ask the county or state to make up for the lost funds,” the news release reads.
The college has since implemented internal controls and cybersecurity awareness sessions. MC is also launching a new Bachelor’s degree program in association with SANS Technology Institute to kick off Cybersecurity Awareness Month in October. The degree will allow students to build an affordable, high-quality pathway to a cybersecurity career.
The college’s cyber awareness website provides information, tips, and videos to protect against cyber threats.
To avert similar risks in the future, MC conducted training to “strengthen employees’ skills at fraud detection in an effort to protect the institution from future attacks.” According to the college, over 2,000 employees have taken cybersecurity training in the past 13 months.