COCC: Some Web Info May Have Been Exposed
Central Oregon Community College officials said Friday they have identified some information on the COCC website that may have been exposed in this week’s hacker attacks.
COCC has taken down the website while it works with law enforcement officials and industry security experts, the collge said Friday afternoon.
It has been replaced by a single page with links to sites of importance to COCC students, faculty and staff but that are not part of the COCC web site. Email access is available on the temporary page.
“Comprehensive student and employee information is NOT contained on the COCC website,” the update said. “The college is analyzing information to see if there is any additional cause for concern of personally identifiable information being accessed or any additional data bases which might have been exposed.:
The information identified was from students who applied to the COCC nursing program for the current year, and for COCC Foundation scholarship for the next year, officials said.
The stressed that neither set of applications include Social Security or credit card numbers. They do include email addresses and COCC ID numbers.
Below is the email sent to students who applied to the nursing program. A similar email was sent to those with Foundation scholarship applications.
—
You are getting this email because either last year or recently, you applied to the COCC nursing program and your application is on file with us.
You may have heard that the COCC Web site has been ?hacked? by someone from outside the country. We do not know whether or not anyone gained access to your application, but we do want to caution you that there is a chance this happened. We have taken that part of the Web site off line.
The college has been in touch with local and federal law enforcement officials for assistance in the investigation. At this time, it is unknown who is responsible for the activity or why the COCC website was targeted.
Do know that when we contact you, we will NEVER ask for social security numbers or credit card numbers. If anyone does ask for that information, please contact us immediately but do NOT respond to that email.
We will be back in touch with you once we conclude our investigation related to this incident. If you have questions or concerns, please direct them to feedback@cocc.edu.
—
The second hacker attack on COCC’s Website in two days occurred Thursday, prompting officials to again take the site offline and put a temporary one in place, while contacting police and working to assure no personal information was accessed.
?Since putting the site back on this morning, we have been monitoring it closely,? said Dan Cecchini, director of institutional technology at COCC.
?As soon as we saw evidence of unauthorized intrusion, we again shut it off,” he said. “We again set up a temporary page with links to sites of importance to COCC students, faculty and staff but that are not part of the COCC web site,
That temporary page is at www.cocc.edu.
“This does not impact the COCC email system,” college officials said in a statement issued Thursday evening. “Also, comprehensive student and employee information is NOT contained on the COCC website. The college is analyzing information to see if there is any cause for concern of personally identifiable information being accessed.”
“The college has been in touch with local and federal law enforcement officials for assistance in the investigation. At this time, it is unknown who is responsible for the activity or why the COCC website was targeted.”
Students and others were invited to direct questions to feedback@cocc.edu.
—
Earlier story:
Central Oregon Community College?s Website was hit by hackers Wednesday, apparently from overseas, prompting technicians to replace it with a bare-bones version while COCC officials assured that no sensitive material had been accessed or compromised.
A brief message at the top of the temporary Website at www.cocc.edu said the college ?recently had malicious activity on their Website? and disabled the site, which was back in place by Thursday morning.
Nothing visible on the site was changed, Paradis said. The only sign to the public was when some visitors to the Website around 7 a.m. Wednesday were unable to access it, or found it working, then not working, then working again, said COCC spokesman Ron Paradis.
?We don?t believe something like this would happen by accident,? Paradis said, adding that the techs said that intruder ?appears to be from a foreign country.?
The area the hackers reached is the only part of the college?s online system that is not behind a firewall, since it connects to the Web.
However, Paradis said, thanks to the ability to trace the Website visitors, the college is certain they did ?not get to anything of value.?
?We have no evidence any sensitive or confidential information has been compromised,? he said. ?Basically, the only thing they could reach would be a staff roster and e-mail addresses, and they didn?t. We could tell where they were and for how long.?
All of the other material, such as course information, is located behind a secure firewall at other Web addresses, which were linked to on the temporary site for students and staff to use.
?We?re very confident that they didn?t get to anything worthwhile,? Paradis said, adding that it appeared to be the first such Website attack COCC has seen.