Guilford College in North Carolina confirmed that ransomware actors who attacked their school also stole sensitive data of students, faculty and staff.
A spokesperson for the college — which is more than 185 years old — said the attack occurred in October and law enforcement was immediately notified. The school disconnected their systems and hired outside security experts to help restore systems and investigate the incident.
“While our investigation remains ongoing, we do have evidence to suggest the unauthorized actor responsible for this incident may have illegally accessed sensitive data,” the spokesperson said.
“In order to be as transparent as possible, we sent communications to our students, faculty, staff and parents updating them on these findings and we are working around the clock to determine what sensitive data was accessed, and we will directly notify any individuals we believe may have been affected.”
On Friday, the Hive ransomware group took credit for the attack and threatened to leak the data stolen, posting samples of what was taken on October 21.