Student, faculty, staff data compromised in STLCC cyber attack

Social security numbers for 71 individuals accessed

By: Bri Heaney, News Editor

On Feb, 4, STLCC announced in a press release that a cyber security attack occurred in January. Approximately 5,127 students, faculty and staff were affected by the breach. Nearly 71 social security numbers were compromised during the cyber attack. 

“I don’t know how they discovered it, but I do know they discovered it Jan. 13, and after that they took some actions steps such as collecting and analyzing the information, the different systems to analyze who was impacted,” said Nev Savala, STLCC communications manager located at the Corporate Campus.

The cyber security attack was the result of what Savala calls a phishing email. “A phishing email is a suspicious email; you might know that there is something not right about it but sometimes these emails look really good or look like they may be from an organization that you are familiar with,” she said. 

Although some emails are more clearly fake, some emails, like the ones sent to staff and faculty at STLCC were more credible looking, she said. 

Savala said there are red flags in some phishing scams that individuals can look for like misspellings, unusual URL addresses, or sourced from an organization that is not familiar. However, there are some phishing emails that are more intricate and targeted to look like a familiar legitimate organization.

“Sometimes these emails look really good or look like they may be from an organization that you are familiar with,” said Savala. “In this case, an email was opened and that led to these cyber criminals being able to get access to the information that was in email inboxes.” 

When the emails were opened and responded to, Savala said sensitive information was breached. 

After learning about the attack and during the investigation, Savala said she was not aware of any servers or websites being temporarily shut down. 

Savala said STLCC has notified all students whose information was compromised and has offered credit monitoring to the 71 individuals whose social security numbers were accessed. 

As for prevention, Savala said that all staff will be re-trained. 

“There is going to be retraining for all employees on how to handle sensitive information, and further training for employees who opened the phishing emails,” she said. 

The cyber criminals who forged the attack are still unknown. Savala said that the college is still looking into it.