On January 13, St. Louis Community College discovered a successful cyberattack on staff that resulted in the exposure of sensitive information – including name, student identification number, date of birth, address, phone numbers, and email addresses – for 5,127 individuals. Social Security numbers also were exposed for 71 of those individuals.
Most of the accounts compromised by the phishing attacks were secured within 24 hours of the incident, and all accounts were secured within 72 hours of the incident, according to a statement from the college released on Tuesday, February 4.
Before announcing the attack, according to the statement, information needed to be collected and analyzed from multiple systems to identify all of the impacted individuals and ensure the accuracy of the information that was contained in employee email accounts.
The college stated that is in the process of notifying affected individuals. It has contacted the Department of Education’s Office of Inspector General and the Family Policy Compliance Office of the breach. The college also will require all faculty and staff to be re-trained in handling and sharing sensitive information within 30 days.
The Federal Trade Commission urges anyone who gets a phishing email – a fraudulent email asking for personal information – to forward it to the Anti-Phishing Working Group at email@example.com. If you get a phishing text message, forward it to SPAM (7726). Also, report the phishing attack to the FTC at ftc.gov/complaint.
If you think a scammer has your information, like your Social Security, credit card, or bank account number, the FTC advises that you go to IdentityTheft.gov where you’ll see the specific steps to take based on the information that you lost.