Okanagan College has broken its silence after confidential sensitive data from staff and students was leaked to the dark web.
A hacking collective called Vice Society hacked into the college’s servers on Jan. 9 and stole more than 800GB of information, including everything from social insurance and credit card numbers, passwords, and more.
It was not initially clear to the public what the hackers were looking for in return for the information, eventually releasing it on Jan. 30. The following day, a statement from the college determined it was a ransomware hack, a type of malicious software that will block access to a server until a certain amount of money is paid.
The statement, however, said that the college is preferring to call it a “double extortion attack.”
“It is now abundantly clear that the intended purpose of the attack was to both steal data and encrypt our IT infrastructure to extort the college,” continues the statement. “Unfortunately, this type of attack is extremely common, and these particular hackers specifically target education institutions.”
The college notified staff and students of the breach at an early stage, providing credit monitoring and identity theft services, though did not release that it was ransomware until the data was released to the dark web. The statement said this is because it is still an active and fluid event, and they do not yet have “a complete picture.”
It is not clear how much was asked for in the ransom, and the college says that it never entertained conversations about paying, as it does not in any way mean that the hackers would destroy the data they collected.
They are asking those affected not to look for the information on the internet, as it is on a dark website run by a criminal organization.
It should take several weeks to discover just exactly what information was compromised, so the college is asking anyone involved to assume that any of their personal data that has been collected by the college is at risk.