A phishing attack targeting Chesapeake College has resulted in the unauthorized access of a limited number of employee email accounts.
Chesapeake President Dr. Clifford Coppersmith said the attack occurred between January 3, 2018 and April 27, 2018. Upon learning of the issue, the College immediately hired a team of external cyber security professionals to conduct an extensive forensic investigation and manual document review to determine the extent of the incident and provide notice as soon as possible.
Beginning this week, a total of 610 students, faculty, staff and prospective employees are receiving notification letters mailed to their last known address informing them that the email accounts contained some of their personal information and may have been accessed by an unauthorized third party.
Based on the investigation, there has been no evidence to date that any of the personal information has been misused, but the College is taking every precaution to notify and protect affected members of the campus community and improve internal controls, according to Coppersmith.
“We regret this incident occurred and have worked as quickly as possible with a team of experienced consultants to modify and improve our cyber security practices,” he said. “These measures will not only enhance the security and privacy of personal information to keep it in our possession but also reduce the likelihood of future attacks of this kind.”
Coppersmith said that only individuals who receive notification letters from the College over the next two weeks are affected by the phishing attack.
The letters detail what personal information has potentially been impacted and provide guidelines on steps the individuals can take to further protect their information. Individuals whose Social Security numbers and/or driver’s license numbers were possibly affected are being offered a complimentary, one-year membership to a credit monitoring service.
“We are not alone in facing this difficult issue,” Coppersmith said. “Unfortunately, academic institutions across the United States are cyber targets and have experienced similar attacks. It underscores the importance of taking information security seriously and exercising appropriate password protocols to protect your, and others’, personal information.”
Individuals with any questions should call Chesapeake’s dedicated and confidential toll-free response line at 877-877-2596. The response line is staffed with professionals familiar with the incident and knowledgeable on what can be done to protect against misuse of information. The response line is available Monday through Friday, 9 a.m. to 9 p.m. Eastern time.