ROCK ISLAND — Augustana College has notified many students, staff members and alumni that sensitive information — including Social Security numbers and dates of birth — were stolen in a malware attack.
Recipients of a letter sent out last week were told that their information had been compromised in a ransomware attack against an Augie server. The letter was signed by Kirk Anderson, chief financial officer and vice president of administration.
According to the letter, Augustana officials discovered the attack in mid-February. An internal investigation confirmed that the attackers had unauthorized access to one of its servers.
“Augustana currently has no evidence of attempted or actual misuse of the information,” the letter said.
It is unknown who was behind the attack or how many people were affected. Several alumni who graduated in the early 2010s have received the letter.
Ransomware is a malicious software, or malware, that threatens to block access to computer data and systems until a ransom is paid.
Brandon Gittelman, a class of 2012 alumnus now living in the Denver area, received the letter notifying him that his personal information was compromised. He said that the letter was sent to his parents, not him. He only saw it because he happened to be visiting with his parents over Mother's Day weekend.
"I think it’s been handled poorly," Gittelman said. "It could’ve been more proactive than something three months late, in a nondescript envelope.
"The alumni association has my correct address, phone number, email. I know that they have the right information," Gittelman added. "How many others didn’t receive it? How many others would’ve tossed it?”
Augustana has launched a number of measures, including complimentary two-year credit monitoring and identify-theft safeguards, in wake of the breach.
“We take this incident and the security of your personal information seriously,” the letter said. “Augustana identified and mitigated the incident by immediately taking the affected server offline and moving the stored information onto other servers. We have been working with third-party vendors to enhance the existing security systems in place and to guard against future attacks of this nature.”
Individuals with questions about the breach can call the free assistance line at 855-662-8108.
"Unfortunately, cyber attacks at colleges and universities have been on the rise, and I can confirm that Augustana was a victim of a ransomware attack," Ashleigh Johnston, director of public relations and social media, said. "It's important to note that Augustana has no evidence of attempted or actual misuse of confidential information."