ST. LOUIS (KMOV.com) – A series of email phishing attacks gave cybercriminals access to thousands of St. Louis Community College students’ private data.

The college said the attacks targeted former and current students and employees and gave the criminals access to the data stored in their email accounts. The sensitive information accessed included names, student identification numbers, dates of birth, addresses, phone numbers, and email addresses. In total, 5,127 individuals had their information exposed, of those, 71 people had their Social Security Numbers compromised.

St. Louis Community College officials said some of the accounts were secured within 24 hours of the incident and all accounts were secured within 72 hours.

The data breach was discovered on Jan. 13 after the college says an employee clicked on an attachment from a bogus email. The college is currently in the process of notifying anyone who was affected by the breach.

"Colleges are well under attack. Criminals are very interested in getting our email addresses," Chief Information Officer Keith Hacke said. "They want to use those email addresses to get things at discount that students get."

Officials said it took them three weeks to fully understand what exactly happened and to accurately identify those who were affected. Officials said there are no sings that any money had been stolen from student or employee accounts.

"We do not see any information that that happened and we offering credit protection for those who had their Social Security numbers compromised," Hacke said.

St. Louis Community College was in the process of implementing a new security measure that would require anyone access email from off campus to enter a code sent to their cellphone. That would have stopped the cybercriminals but the new security step didn’t start till after the security breach happened.

The Department of Education’s Office of Inspector General and the Family Policy Compliance Office have been notified of data breach, according to the college. In addition, all faculty and staff will be re-trained within 30 days on the handling and sharing of sensitive information.

Copyright 2020 KMOV (Meredith Corporation). All rights reserved

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.