Peralta Community College District's Only Student-Run Publication
Peralta Community College District's only student-run publication.

The Citizen

Peralta Community College District's only student-run publication.

The Citizen

Peralta Community College District's only student-run publication.

The Citizen

(Graphic: Desmond Meagley/The Citizen)
Sunshine Week 2024: Spotlighting public records
A multi-year investigation into public records related to campus security, public funds, and more
Li Khan, Editor in Chief • March 17, 2024
Read Story
In this monthly column, I chat with folks from the Peralta community and ask ten questions aiming to make everyone more relatable to each other. (Graphic by Randi Cross/The Citizen)
Tea with Tamara: Drew Burgess, art faculty at College of Alameda
Tamara Copes, Columnist • February 21, 2024
Read Story
Archives

Ohlone ransomware attack highlights vulnerability of colleges

Peralta’s CIO says district’s cyber security has been enhanced
Photo by Luke Wrin Piper, Consulting Editor

The Ohlone Community College District (OCCD), with campuses in Fremont and Newark, was the latest victim in a string of ransomware attacks against higher education institutions. The cyber attack at OCCD took place on January 20, according to district officials, but the full scope of the intrusion, which comprised the personal information of an unknown number of the district’s students and former students, was not recognized until nearly a week later. OCCD’s email systems, phones, and student portal were disabled just as the spring semester was getting underway, according to a statement from the college.  

Ohlone spokesperson, Jen Marquez, in an email to The Citizen on February 23, confirmed no ransom had been paid, but provided no additional details. “This is an ongoing investigation and we’re working with law enforcement and a third-party specialist,” Marquez wrote. “We must continue to protect the security of the college, and we are unable to share any other details regarding this information at this time.”  

Ohlone Campus. (Luke Wrin Piper, The Citizen)

In a February 4 statement, OCCD said it has “no evidence of misuse of information,” but is offering “potentially impacted individuals access to free credit monitoring and identity protection services.” All systems were restored by February 5, according to Marquez. 

Other colleges and universities hit with ransomware attacks in recent years include the University of California, San Francisco (UCSF), Michigan State University, Columbia College, and the University of Utah, according to a March 2021 article in Inside Higher Ed. UCSF paid a $1.14 million ransom to recover “sensitive information stolen from the institution’s School of Medicine,” according to the article. 

Asked by The Citizen about the incident, State Chancellor Eloy Ortiz Oakley characterized ransomware attacks as “a growing problem, not just in California, but throughout the country.” 

Speaking at his media briefing for student journalists on February 22, Oakley explained the California Community Colleges Information Security Center provides technical and professional development support for the local districts and can identify vulnerabilities in their computer networks. 

Oakley also indicated that significantly more resources are being allocated for cybersecurity in the current annual budget, but cautioned, “as soon as we implement security measures, some nefarious group tries to get around them.” Marquez confirmed the Ohlone IT services department “has worked with the CCC Information Security Center for several years and has informed them about this incident.”

While several companies in the private sector, most notably Colonial Pipeline and meat supplier JBS, have been victims of high profile ransomware attacks, education is the “most affected sector” according to a June 2021 article in Educause Review. That article cited data from the Microsoft Security Intelligence site which showed the education category reported over 7 million enterprise malware encounters in the past 30 days compared to just 714,701 in the second largest category (retail and consumer goods).  

BlueVoyant, a cybersecurity services company, in a 2021 report entitled “Cybersecurity in Higher Education” found that ransomware attacks on colleges doubled between 2019 and 2020. That same report indicated that the average cost of a ransomware attack in higher education was $447,000 in 2020. Perhaps most disturbing, BlueVoyant reported that 66% of the universities and colleges in its study “lacked all basic email security configurations” and three quarters “had open or unsecured remote desktop ports,” a vulnerability often exploited in ransomware attacks.

The Peralta Community College District was promised enhanced security as one of the benefits of the upgrade of its PeopleSoft/Oracle computer system last year. The cost of that project started at $6.3 million, but eventually rose to $9.9 million once licensing fees and a second phase were added. The Board of Trustees recently committed an additional $317,263 to retain a consulting firm (Huron) to manage implementation of the second phase of the PeopleSoft upgrade project.  

Antoine Mehouelley, Perlata’s Chief Technology & Information Systems Officer, in an email statement to The Citizen, said “The Peralta Colleges…know the threat of a data breach is real and ongoing.  Protecting the health and safety of Peralta students and employees remains our highest priority, and that includes the security of our personal data, keeping our private information safe. Peralta Colleges’ cyber security was enhanced by the PeopleSoft upgrade to version 9.2 and the move to Oracle cloud hosting. We’ve also recently added two-factor authentication for administrators.” 

Mehouelley was reluctant to disclose additional details since “people with nefarious intent are watching closely.” He confirmed that Peralta also works with the CCC Information Security Center. 

 

About the Contributor
David Rowe, Associate Editor
After a 40 year career in advertising, David is considering journalism as his “second act” and preparing himself for that new profession by taking classes at Laney. During his days in advertising, Rowe headed up the media departments for a number of leading ad agencies in San Francisco and Salt Lake City. In this capacity, he was responsible for the planning and placement of tens of millions of dollars of paid media. A high point of his career was placing Intel’s first Super Bowl TV ad in 1997. Rowe has a lifelong interest in journalism dating back to high school in San Jose where he started an underground newspaper called, appropriately enough, The Del Mar Free Press. The school administration threatened to suspend him, so Rowe, with the help of his attorney father, sued the school district in Federal Court and won and injunction. Ultimately, the case was decided in his favor and California state law regarding the rights of high school students was re-written as a result. Rowe is a political junkie who enjoys watching all the Sunday morning news programs and is actively involved in the Joe Biden presidential campaign this year.
Leave a Comment
Donate to The Citizen
$0
$500
Contributed
Our Goal

Comments (0)

All Sort: Newest

Your email address will not be published. Required fields are marked *