FREMONT — Ohlone College was hacked in late January and the private information of some current and former students, staff and faculty was compromised, including Social Security and bank account numbers, according to school officials.
The community college said in a Feb. 4 notice on its website and letters sent to students it had determined “that certain information on the network was accessed by an outside party” through a hacking incident on Jan. 20.
“The college continues working with third-party specialists to investigate how this incident occurred and what impact it had on our systems,” Ohlone College President Eric Bishop said in a separate Feb. 4 note posted on the college website and sent to students and staff.
“We can confirm that like many other colleges, municipalities and businesses, Ohlone was the victim of a sophisticated ransomware attack. We reported this incident to law enforcement,” Bishop said.
In addition to Social Security numbers, information that was breached included U.S. registration numbers for noncitizens, driver’s license numbers, bank account numbers, medical information, health insurance information, student ID numbers, race or ethnicity information, class lists and schedules, disciplinary files, grades and transcripts, according to the college.
Ohlone spokesperson Jennifer Marquez said Tuesday the college may not be able to determine what specific information was hacked from each person and how many people were victimized.
The college first noticed something was amiss on Jan. 20, when it “experienced a network disruption that impacted our ability to access certain files.” It then began an investigation and by Jan. 26 concluded private information had been breached.
“Please be assured that we take data security extremely seriously, and the college is taking appropriate steps to address this incident,” the college statement said.
The college said there has been “no evidence of misuse of information,” but it is offering “potentially impacted individuals access to free credit monitoring and identity protection services.”
When asked why the college took more than a week to notify those who may have been hacked, Marquez said it was working with law enforcement to get accurate information on the “complex and comprehensive investigation,” and also wanted to restore network systems and line up credit and identity protection services before notifying the broader college community.
“Engaging all of those resources takes time, and the college really did work as quickly and as efficiently as possible to do all three of those things,” Marquez said. The college changed account passwords and is taking “additional security measures,” the college statement said.
Ohlone College serves more than 16,000 students each year at its main campus in Fremont and its Center for Health Sciences and Technology in Newark, as well as online, according to its website.
The ransomware attack came right as the college was preparing for the first day of the spring semester. It knocked out email systems and phones at the college for 10 days. The online student portal was down for 17 days, while a separate student information system was down for a week, Marquez said.
All systems had been restored by Feb. 5, she added.
Marquez said the district could not provide information about what the ransomware attackers were seeking but noted it did not make any ransom payments.
People who want more information about the data breach or want to enroll in the free credit monitoring and identity protection services can call the college’s assistance line at 1-844-667-6246, Monday through Friday, from 8 a.m. to 8 p.m.
