East Central University, located in Ada, Oklahoma, recently experienced a directed cyberattack in February, as announced in a notification letter to its stakeholders.
While the cyberattack on ECU did not succeed in compromising the university’s critical services, it did manage to infiltrate various campus computers, posing a threat to data security and integrity.
“On February 16, 2024, East Central University experienced a directed attack from a cybercriminal group. While the criminals were not successful in taking down ECU’s critical services, they were able to conduct a successful attack on a variety of campus computers,” reads the notice on the East Central University website.
Cyberattack on ECU: Response and Mitigation
Upon detecting the incursion, ECU’s IT department swiftly mobilized a third-party cybersecurity response team to contain and mitigate the assault. Collaborating closely, the teams initiated incident response protocols to assess the extent of the cyberattack on ECU, fortify defenses, conduct forensic analysis, and gain visibility into the campus network and systems.
The two teams immediately began working through incident response protocols to determine the scope of the attack, deploy countermeasures, gather forensic data, and gain visibility into the campus network/systems,” reads the notice further.
Simultaneously, ECU embarked on password resets, critical service evaluations, and the implementation of an incident response strategy to staunch the breach’s impact.
To keep the university community informed and address individual concerns, ECU developed various internal communication channels. Direct email updates were sent to relevant parties, mandatory forums were held for employees, and optional public forums were organized for students to provide additional information and answer questions.
Furthermore, a dedicated webpage with frequently asked questions (FAQs) was created, offering comprehensive details about the cyberattack on ECU. To assist with inquiries, ECU established a designated email address and phone number for individuals seeking further clarification or expressing concerns.
Data Investigation
The investigation into the extent of the data compromised during the attack is still ongoing. At present, no evidence suggests that any information was accessed or taken. However, ECU recently discovered that a certain number of individual names and Social Security numbers may have been accessible to the cybercriminal group.
While there is no confirmation of unauthorized access or data theft, the university is providing this notice as it continues to investigate the matter thoroughly.
“This week, we determined that a number of individual names and Social Security numbers may have been accessible to the criminal group – while we have no confirmation that they were in fact accessed, much less taken, we are providing this notice while we continue to investigate,” reads the notice.
Cyber Threat on Higher Education Institutions
The incident highlights the increasing targeting of higher education institutions by cybercriminals. In a similar vein, the University of Winnipeg recently confirmed a cyber intrusion that occurred the previous month, revealing that the personal information of current and former students and employees was stolen. The breach, discovered on March 24, rapidly evolved into a significant data breach, leaving the university community deeply shaken.
As educational institutions continue to face cyber threats, the need for enhanced cybersecurity measures and proactive incident response strategies becomes ever more critical. Universities must remain vigilant, continuously adapt their security protocols, and prioritize the protection of sensitive data to safeguard the privacy and trust of their students, employees, and stakeholders.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
