EMCC in Bangor, Maine, has reported an information security issue after they was discovered malware had infected many of the computers in the college. Although this has not been confirmed, it is suspected that some data has been stolen. This includes individual info of employees, related to Eastern Maine college, it is also potentially affected around 42,000 existing and past students. The security breach involved the installation of a trojan horse, which was probably the method in which the data was stolen.
A representative of Easter Maine College stated in one of its e-mails that it was possibly being over cautious but was alerting some 42,000 existing and former students and staff members of the possibility that personal details have possibly been exposed as a result of the infection.”
A caution was also released by the school on 17 August that though there was no evidence that any direct information loss had occurred. There is a possibility that some individual data such as name, Social Security Number, date of birth, and address, as well as a couple of usernames and passwords coming from the college domain in addition to email accounts might have been accessed.
Based on a statement issued on 17 August, 2018, the victims of the breach are supposedly the students of the school from the year 1998 summertime to 2018 summer, and also the staff members working between the year 2008 and 2018.
“We very much regret the trouble or concern this occurrence might cause. EMCC takes seriously the protection of individual details, and our efforts to enhance and strengthen our electronic security are ongoing,” stated Lisa Larson, EMCC President, on 17 August.
The EMCC President even more included that it is truly unfortunate that various organizations all over the world are a growing number of becoming targets of the hackers, as it took place in the case of EMCC.
We live in an increasingly interconnected world too, and these attacks can be orchestrated from anywhere in the world. Many countries have little interest in fighting cyber crime and therefore the attackers are relatively safe in these jurisdictions. It is also important that users at the college should follow all college policies when using their computers on campus. Accessing non-educational resources and attempting to access dubious sites can put the entire network at risk. Using things like proxies and non standard US DNS servers to access Netflix is also not permitted in the acceptable use policy of the college.
EMOTET is found to be the malware that is associated with this EMCC occurrence, which according to the U.S. Department of Homeland Security is among the most damaging malware existing on the internet. As soon as a user clicks or opens a destructive document or a link, the malware begins contaminating the computer. The minute the malware gets downloaded into a system, its worm-like properties spread through quickly causing a network-wide infection that is extremely difficult to fight.
EMCC spokesperson said that they have reported this event to the police. The spokesperson even more added that they are investigating on the breach and checking security protocols of the college. They have also offered identity remediation services and complimentary credit keeping track of to the impacted people.