The ransomware attack on the Hawaiʻi Community College network, first reported on June 13, has been resolved.
After determining that the compromised data most likely contained personal information of approximately 28,000 individuals, the University of Hawaiʻi made the difficult decision to negotiate with the threat actors in order to protect the individuals whose sensitive information might have been compromised. A significant consideration in this decision-making process was that the criminal entity responsible for the attack has a documented history of publicly posting the stolen personal information of individuals when agreement with the impacted entity was not reached. Working with an external team of cybersecurity experts, UH reached an agreement with the threat actors to destroy all of the information it illegally obtained.
Restoration of the Hawaiʻi CC IT Infrastructure and Resolution of the Attack
Restoration of Hawaiʻi CC’s IT infrastructure is in progress. The wireless network at all locations has been restored, while the restoration of the wired network is expected to be completed by the week of August 14, 2023.
Notification letters are being sent to approximately 28,000 individuals, which will include an offer of credit monitoring and identity theft protection services through Experian. Current and former Hawaiʻi CC students and employees who do not receive a notice letter in the mail but believe they may have been affected, may call 1-833-627-2706 from 6 a.m. to 6 p.m., PDT.
Personal Cyber Safety
UH recommends that everyone protect themselves from known and unknown exposures through steps including:
- Freezing their credit file
- Reviewing account statements carefully and reporting suspicious activity
- Utilizing multi-factor authentication
Additional steps that may be taken by individuals affected by this or any other incidents include:
- Placing fraud alerts on their account or credit file
- Changing passwords and security verification questions and answers
Increased Cyber Security
The threat actors continue to bombard our systems with attacks, and they are becoming increasingly sophisticated. UH Information Technology Services (ITS) continues to work with the campuses to address potential vulnerabilities. For example, ITS is increasing scanning and monitoring across the 10-campus multi-island system while deploying additional security technologies to better protect the campus servers and networks and the information they steward. We cannot prevent cyberattacks, but we are always working to improve vigilance and readiness in this area.
Ransomware attacks on educational institutions are increasingly common. There were 190 known ransomware attacks against educational institutions from June 2022 and May 2023 according to recent reports, and many more that went unreported and unrecorded. According to a 2022 survey, 64% of colleges worldwide reported experiencing some sort of ransomware attack, along with about 2,000 K–12 schools in the U.S.
Hawaiʻi CC students and employees are asked to remain vigilant. Please regularly check the ITS Information Security site to implement best practices for cyber health.