NoEscape launched a cyber attack on Hawaii Community College, resulting in a data breach. The college became the victim of a targeted ransomware attack where the threat actor claimed to have accessed “personal documents of the company as well as the data of their students.”
On Tuesday, June 13, officials at Hawaii Community College were alerted to the cyber attack on their systems.
To mitigate further risk, the university’s System Information Technology Services promptly took the college’s network offline. They implemented additional security measures to protect the entire UH network against data breaches and cyber-attacks.
The University of Hawaiʻi can confirm that Hawaiʻi Community College was the target of a ransomware attack. Hawaiʻi CC representatives are actively working with federal authorities and cybersecurity experts”, reads the official statement regarding the Hawaii Community College data breach.
The Hawaii Community College breach comes close on a cyber attack on the University of Hawaiʻi Maui College, disclosed in April.
Hawaii Community College data breach: Explained
The UH System’s Information Technology Services team found that the ransomware attack was isolated to Hawaii Community College, and no other UH campuses were affected.
The Hawaii Community College has collaborated with the federal law enforcement agencies and cybersecurity experts to investigate the data breach and ensure its complete resolution.
The University of Hawaii’s cybersecurity experts are confident that the Hawaii Community College data breach has not impacted the other UH campuses.
The University of Hawaii has released an official statement regarding the ransomware attack on Hawaii Community College, confirming the incident and assuring the public of their immediate response to the attack.
Previous cybersecurity incidents at the University of Hawaii
On April 6, 2023, the University of Hawaii reported an incident similar to the Hawaii Community College data breach. In this particular case, the University of Hawaiʻi Maui College faced a cyber attack.
According to the university’s news portal, the “University of Hawaiʻi Maui College found that an unauthorized third party may have gained access to the University’s computer network.”
The university security team responded to the cyber attack and started an investigation into the alleged breach. The university also reported the same to law enforcement agencies, and the attack was limited to only UH Maui College and other unharmed educational institutions.
“UH and UH Maui College take the responsibility to protect the data entrusted to the university seriously,” said Garret Yoshimi, the UH Vice President for Information Technology & Chief Information Officer, University of Hawaii.
Moreover, the university alerted its employees and staff about the incident — instructing them to change their current passwords for their college login portals.
The university also sent notification letters to 10,500 individuals who the cyber attack could have directly or indirectly impacted. The university also pledged to offer “free credit monitoring and identity theft protection services through Experian”, a popular credit monitoring service.
Hawaii Community college data breach and cyberattacks on educational facilities
Along with the Hawaii Community College data breach, threat analyst Brett Callow shared a post on Twitter detailing an alleged cyber attack by NoEscape claiming access to 65 GB of data.
The threat actor also stated that they’ll release the next update on the alleged attack in the coming week. “There are many personal documents of the company as well as the data of their students, as well as a lot of interesting things”, reads the threat actor post.
The surge of cybercrime poses a gigantic challenge to higher education institutions, with a significant rise of 75% in cyberattacks targeting the education sector between 2020 and 2021.
The 2022 Verizon Data Breach Investigations Report suggests that ransomware attacks have increased several folds in the education sector, accounting for approximately 30% of data breaches, including the recent Hawaii Community College Data Breach.
A recent UpGuard report, which focuses on 1500 universities and 5000 university vendors, suggests that the primary attack surface for universities and colleges resides within their web-facing assets, including domains and subdomains that connect to sensitive internal resources.
Exploiting vulnerabilities within these assets grants attackers access to internal networks, ultimately resulting in cybersecurity incidents, such as the Hawaii Community College data breach.
Furthermore, Vice Society, a Russian-based cybercriminal group, poses a significant threat to the education sector, targeting universities, colleges, and K-12 schools.
The FBI has issued a Cybersecurity Advisory (CSA) highlighting their disproportionate focus on the education sector.
According to a report by Malwarebytes, Vice Society was the biggest threat to the education sector in 2022. The group has used double extortion tactics to target educational facilities and universities. In 2023, Vice Society reported publishing data from six schools.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
