A line of servers.

By Gabriel Lucich
Managing Editor


Nearly 9,000 students “possibly had personal data stolen,” during the college’s January cyberattack, according to college officials.

While the breach was isolated quickly, one system that was compromised consisted of some names and Social Security numbers from the 2013-2015 academic years. This partial personal data belongs to some 8,797 former students from that time period. The college administration is adamant that the data was not necessarily stolen, as it was just in an area of the servers that was breached in the  attack.

Each person exposed in the hack was notified of the data breach, with the extent of the threat and their rights explained in a letter. They were given credit monitoring and identity theft protection to guard them from further issues that could arise from the attack.

Jeff Shaffer said further information about the victims of the hack and the full extent of the breach is considered confidential and was not released to the Print.

Saby Waraich, CCC’s chief information officer, has been outspoken about security measures needed to safeguard the college’s data. According to Shaffer, due to Waraich’s diligence the college has been paying more attention to possible threats and responding with increased measures. These included 24-hour monitoring and additional anti-ransomware and anti-malware programs, with the monitoring being largely responsible for the swift response to the incident on Jan. 18.

“They only had access to ‘public,’ folders that any employee could gain access to. These weren’t open to just anyone. For the most part, it was pretty harmless stuff. Around 15,000 files of old data, primarily meeting notes.” said Shaffer.

This kind of information is relatively innocuous, Shaffer said, adding that much of it was screenshots of grades, mostly fake students crafted for training purposes, with no vital information shown. 

Lockbit 3.0, the malware group associated with this attack, was taken down by international authorities around a month after the CCC attack, much of their infrastructure was disabled in the subsequent raids on their foreign and domestic facilities, according to the US Dept of Justice. The information from Clackamas was included in the data seized during this operation.

“Lockbit’s takedown took away much of their ability to use the data,” said Shaffer. “To date, none of this data has been public, nor are we aware that they actually stole the data or still have it. The college is just being precautionary in case they did have access and stole the data and it comes to light in the coming months,” he added.

These attacks have become more commonplace as time has passed. Some developing countries have entire economic sectors devoted to cyber crime. International, federal and state law enforcement continue to monitor the activities of these groups.

Clackamas Community College has learned a lot since the January cyberattack on its servers, according to Shaffer. Little long-term damage was done to CCC, its faculty or its students in the attack, but there are some lingering threats.


Gabriel Lucich

Leave a Comment