March 2023 Cyber Attack Information - Newsroom - Lewis & Clark
March 2023 Cyber Attack Information
On March 3, 2023, Lewis & Clark experienced an IT security incident which negatively impacted systems and services across our campuses. Our IT team is working around the clock, alongside a team of external experts, to restore services and advise the college about next steps.
April 6, 2023 Email: “How to Access Credit Monitoring’
Dear LC Community,
We recently learned that the cybercriminals responsible for the recent security incident published some amount of Lewis & Clark data on a “dark web” website. We are currently working to retrieve the information and to determine the extent to which it includes any sensitive personal information. Due to how cybercriminals publish data, it may take time to determine the full scope and nature of this data. We will provide formal notification to any individuals whose protected information is found to have been compromised in the course of this investigation, in accordance with all applicable laws, once the investigation is complete.
In the meantime, we are offering free credit monitoring to current students and employees.
If you would like to sign up for credit monitoring services, please fill out this short request form. You will then be provided with an enrollment code and instructions on how you can activate the service.
Below are additional steps you can take to protect your information, irrespective of whether it was compromised in this incident. We encourage you to review and consider whether they are appropriate for you.
Placing a Fraud Alert on Your Credit File
You may place an initial one-year “fraud alert” on your credit files at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
Equifax
P. O. Box 105788
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
(800) 525-6285
Experian
P. O. Box 9554
Allen, TX 75013
https://www.experian.com/fraud/
center.html
(888) 397-3742
TransUnion
P. O. Box 6790
Fullerton, CA 92834-6790
https://www.transunion.com/fraud-alerts
(800) 680-7289
Consider Placing a Security Freeze on Your Credit File.
If you are very concerned about becoming a victim of fraud or identity theft, you may also request a “security freeze” be placed on your credit file at no charge. A security freeze prohibits, with certain exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-freeze/
1-800-349-9960
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
http://experian.com/freeze
1-888-397-3742
TransUnion Security Freeze
P.O. Box 2000
Chester, PA 19016
http://www.transunion.com/securityfreeze
1-888-909-8872
In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number, and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique personal identification number (PIN) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
Obtaining a Free Credit Report
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Additional Helpful Resources
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.
Thank you for your continued patience and understanding. We will continue to share information as we have it.
Sincerely,
The Executive Council
March 31, 2023 Email: “Message from Executive Council”
Dear LC Community,
As you are aware, we experienced a cyberattack beginning on March 3 which significantly impacted almost all IT systems on campus. We are now at a point in our response in which we are able to share more information about the nature of the incident.
It is common in such an instance for the attackers to use ransomware, which is a type of malicious software, or malware, to prevent the victim from accessing their computer files, systems, and networks until a ransom is paid. We now know that the attack was perpetrated by a group known for similar attacks against educational institutions.
Following the advice of law enforcement and our external experts, the college has chosen not to pay ransom. Instead, we have worked nonstop to rebuild our IT systems from backups which are regularly retained by the college. At the same time, we have been working with a cybersecurity forensic firm to assess whether and to what extent there has been any compromise of protected or otherwise sensitive data as a result of this incident.
The cybercriminals responsible for the incident now claim to have published a limited amount of Lewis & Clark data on a “dark web” website maintained by the threat actors. Our external cyber forensic firm is helping us to investigate this claim. We are currently working to retrieve the information, at which time we will conduct a thorough review. When cybercriminals publish data of this nature, they do so on portions of the internet that are unindexed, not easily searchable, and only accessible by means of special software, which means that it may take a while to investigate the scope and nature of this claim.
Given that we do not have reliable information about the scope or content of the allegedly published data, there is no action for you to take at this time. In the event we determine that the incident resulted in unauthorized access or acquisition of protected information related to students, faculty, staff, parents, or other friends of the college, we will provide notification to impacted individuals in accordance with state and federal regulations.
To date, we do not have evidence that the information involved in this incident has been used for identity theft or financial fraud. We are taking this very seriously and using all resources available to conduct a thorough and diligent review of the impacted data.
As a reminder, if you receive communications from persons claiming to have your personal information, or which are otherwise suspicious, please do not respond, and immediately report the incident to [email protected].
Once again, we appreciate your patience during our continued response to the incident.
Sincerely,
The Executive Council
Most IT systems have been fully or partially restored since the initial outage. We will keep you informed of developments as progress is made, and will update this webpage as new information is available.
Unavailable Services
The following systems are unavailable:
Pionet secure wifi network
VPN (GlobalProtect)
WebAdvisor password changes: If you need to reset your password, please visit the IT Service Desk, in Watzek Library, Monday through Friday, between 9 a.m. and 4 p.m. to reset your password. Law employees and students may also visit the Law School Student Help Desk between 8 a.m. and 4 p.m. (If you are unable to make it to campus, please select a time from this Google Calendar link to schedule a time to meet via Zoom. A link will be placed in the calendar event. Please have your LC or State ID and a new password ready.)
Available or Modified Services
The following services have been restored or have not been impacted:
Pionet-Guest wifi network: To access, select Pionet-Guest from your available wifi networks and then click OK. There is no login required. You will then be able to access the internet. You may experience some instability when connected to this network. IT is monitoring the situation and working diligently to maintain stable connectivity and restore other network services.
L&C Websites: All Lewis & Clark sites are live. Website editing is available to LiveWhale editors who have changed their passwords.
Printing is available at the following locations:
CAS student printing is completely back up
Law printing is fully available
Grad printing is available at York 110 and 118
CAS Watzel Library Labs are available for everyone
Workday. Employees who have changed their LC password have access to Workday.
Slate. Slate is available to employees who have changed their LC password.
Panopto. Available for course recording.
StarRez. StarRez is available to employees who have changed their LC password.
On-Campus Phone Service. Phone service has been fully restored. The rebooting of the phone system on March 15 appears to have resolved problems with call forwarding.
GMail and the Google Workspace
Zoom
Maxient. Non-emergency reports or concerns (such as bias incident reports, misconduct referrals, Title IX concerns, etc.) may be submitted via Maxient.
Dining: Dining services continue to be available in Fields Dining Hall. The Trail Room, Dovecote, and food service at the Law and Graduate schools are also open, but are only accepting cash and credit cards.
Online Facilities Work Orders: Service requests can be submitted here.
Most classroom technology, such as audio/video equipment.
Handshake is again available for accessing job and internship postings, career fairs and other events and programs, for those who have reset passwords.
Salesforce and Box are available to employees who have reset their passwords.
Online trainings through GetInclusive (sexual harassment, discrimination, etc.) are again available.
FedEx Print on Demand is available to employees
GivePulse
Colleague and Informer, for those having changed their password
WebAdvisor and Self Service, for those having changed their password (see above if you have not changed yours)
LC Files has been fully restored, for those having changed their password
Moodle has been fully restored , for those having changed their password
EMS
NuPark
Explorance Blue (Blue Evaluations)
GoAnywhere
ExLibris
Secure Forms server
Courseleaf
CBOARD
Salesforce/Colleague integration
Centrally managed software licenses such as:
ESRI ArcGIS
SPSS
Mathematica
On March 3, 2023, Lewis & Clark experienced an IT security incident which negatively impacted systems and services across our campuses. Our IT team is working around the clock, alongside a team of external experts, to restore services and advise the college about next steps.
April 6, 2023 Email: “How to Access Credit Monitoring’
Dear LC Community,
We recently learned that the cybercriminals responsible for the recent security incident published some amount of Lewis & Clark data on a “dark web” website. We are currently working to retrieve the information and to determine the extent to which it includes any sensitive personal information. Due to how cybercriminals publish data, it may take time to determine the full scope and nature of this data. We will provide formal notification to any individuals whose protected information is found to have been compromised in the course of this investigation, in accordance with all applicable laws, once the investigation is complete.
In the meantime, we are offering free credit monitoring to current students and employees.
If you would like to sign up for credit monitoring services, please fill out this short request form. You will then be provided with an enrollment code and instructions on how you can activate the service.
Below are additional steps you can take to protect your information, irrespective of whether it was compromised in this incident. We encourage you to review and consider whether they are appropriate for you.
Placing a Fraud Alert on Your Credit File
You may place an initial one-year “fraud alert” on your credit files at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
Equifax
P. O. Box 105788
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
(800) 525-6285
Experian
P. O. Box 9554
Allen, TX 75013
https://www.experian.com/fraud/
center.html
(888) 397-3742
TransUnion
P. O. Box 6790
Fullerton, CA 92834-6790
https://www.transunion.com/fraud-alerts
(800) 680-7289
Consider Placing a Security Freeze on Your Credit File.
If you are very concerned about becoming a victim of fraud or identity theft, you may also request a “security freeze” be placed on your credit file at no charge. A security freeze prohibits, with certain exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-freeze/
1-800-349-9960
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
http://experian.com/freeze
1-888-397-3742
TransUnion Security Freeze
P.O. Box 2000
Chester, PA 19016
http://www.transunion.com/securityfreeze
1-888-909-8872
In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number, and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique personal identification number (PIN) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
Obtaining a Free Credit Report
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Additional Helpful Resources
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.
Thank you for your continued patience and understanding. We will continue to share information as we have it.
Sincerely,
The Executive Council
March 31, 2023 Email: “Message from Executive Council”
Dear LC Community,
As you are aware, we experienced a cyberattack beginning on March 3 which significantly impacted almost all IT systems on campus. We are now at a point in our response in which we are able to share more information about the nature of the incident.
It is common in such an instance for the attackers to use ransomware, which is a type of malicious software, or malware, to prevent the victim from accessing their computer files, systems, and networks until a ransom is paid. We now know that the attack was perpetrated by a group known for similar attacks against educational institutions.
Following the advice of law enforcement and our external experts, the college has chosen not to pay ransom. Instead, we have worked nonstop to rebuild our IT systems from backups which are regularly retained by the college. At the same time, we have been working with a cybersecurity forensic firm to assess whether and to what extent there has been any compromise of protected or otherwise sensitive data as a result of this incident.
The cybercriminals responsible for the incident now claim to have published a limited amount of Lewis & Clark data on a “dark web” website maintained by the threat actors. Our external cyber forensic firm is helping us to investigate this claim. We are currently working to retrieve the information, at which time we will conduct a thorough review. When cybercriminals publish data of this nature, they do so on portions of the internet that are unindexed, not easily searchable, and only accessible by means of special software, which means that it may take a while to investigate the scope and nature of this claim.
Given that we do not have reliable information about the scope or content of the allegedly published data, there is no action for you to take at this time. In the event we determine that the incident resulted in unauthorized access or acquisition of protected information related to students, faculty, staff, parents, or other friends of the college, we will provide notification to impacted individuals in accordance with state and federal regulations.
To date, we do not have evidence that the information involved in this incident has been used for identity theft or financial fraud. We are taking this very seriously and using all resources available to conduct a thorough and diligent review of the impacted data.
As a reminder, if you receive communications from persons claiming to have your personal information, or which are otherwise suspicious, please do not respond, and immediately report the incident to [email protected].
Once again, we appreciate your patience during our continued response to the incident.
Sincerely,
The Executive Council
Most IT systems have been fully or partially restored since the initial outage. We will keep you informed of developments as progress is made, and will update this webpage as new information is available.
Unavailable Services
The following systems are unavailable:
Pionet secure wifi network
VPN (GlobalProtect)
WebAdvisor password changes: If you need to reset your password, please visit the IT Service Desk, in Watzek Library, Monday through Friday, between 9 a.m. and 4 p.m. to reset your password. Law employees and students may also visit the Law School Student Help Desk between 8 a.m. and 4 p.m. (If you are unable to make it to campus, please select a time from this Google Calendar link to schedule a time to meet via Zoom. A link will be placed in the calendar event. Please have your LC or State ID and a new password ready.)
Available or Modified Services
The following services have been restored or have not been impacted:
Pionet-Guest wifi network: To access, select Pionet-Guest from your available wifi networks and then click OK. There is no login required. You will then be able to access the internet. You may experience some instability when connected to this network. IT is monitoring the situation and working diligently to maintain stable connectivity and restore other network services.
L&C Websites: All Lewis & Clark sites are live. Website editing is available to LiveWhale editors who have changed their passwords.
Printing is available at the following locations:
CAS student printing is completely back up
Law printing is fully available
Grad printing is available at York 110 and 118
CAS Watzel Library Labs are available for everyone
Workday. Employees who have changed their LC password have access to Workday.
Slate. Slate is available to employees who have changed their LC password.
Panopto. Available for course recording.
StarRez. StarRez is available to employees who have changed their LC password.
On-Campus Phone Service. Phone service has been fully restored. The rebooting of the phone system on March 15 appears to have resolved problems with call forwarding.
GMail and the Google Workspace
Zoom
Maxient. Non-emergency reports or concerns (such as bias incident reports, misconduct referrals, Title IX concerns, etc.) may be submitted via Maxient.
Dining: Dining services continue to be available in Fields Dining Hall. The Trail Room, Dovecote, and food service at the Law and Graduate schools are also open, but are only accepting cash and credit cards.
Online Facilities Work Orders: Service requests can be submitted here.
Most classroom technology, such as audio/video equipment.
Handshake is again available for accessing job and internship postings, career fairs and other events and programs, for those who have reset passwords.
Salesforce and Box are available to employees who have reset their passwords.
Online trainings through GetInclusive (sexual harassment, discrimination, etc.) are again available.
FedEx Print on Demand is available to employees
GivePulse
Colleague and Informer, for those having changed their password
WebAdvisor and Self Service, for those having changed their password (see above if you have not changed yours)
LC Files has been fully restored, for those having changed their password
Moodle has been fully restored , for those having changed their password
EMS
NuPark
Explorance Blue (Blue Evaluations)
GoAnywhere
ExLibris
Secure Forms server
Courseleaf
CBOARD
Salesforce/Colleague integration
Centrally managed software licenses such as:
ESRI ArcGIS
SPSS
Mathematica
