Centralia College: Student, Employee Data Possibly Exposed in Month Before Ransomware Attack


“Unauthorized individuals” may have had access to the data of Centralia College students and employees in the month leading up to a ransomware attack that disabled the college’s local servers, a forensic team recently discovered. 

“We have no forensic evidence that anyone’s personal information has been misused,” Centralia College President Bob Mohrbacher said in a prepared statement. “However, out of an abundance of caution, we are sending notifications to current and former students and employees whose information may be impacted. The privacy and security of information is of utmost importance to us, and we continue to take significant measures to protect that information.” 

An outside forensic team that has been helping Centralia College staff recover data and clean up its systems after the Feb. 14 attack has determined that “unauthorized individuals” may have accessed students’ and employees’ data between Jan. 19 and Feb. 14, according to a July 29 news release from the college. 

Initial investigations revealed no evidence that any information from Centralia College’s local servers left Centralia College’s campus during the ransomware attack. 

Ransomware is broadly defined as malicious software designed to block access to a computer system until a sum of money is paid.

Instead of stealing data from the campus, investigators determined that the hackers encrypted data kept on the campus’ local servers, preventing anyone from accessing it.

All campus desktop computers and other devices that utilize the college’s local servers were immediately shut down when staff discovered the attack the morning of Feb. 14. Since then, college staff have been working to restore tools and services that utilize the local servers, such as the campus WiFi network, the bookstore’s point of sale system and the school’s website.

The website was restored on March 2 after staff moved it to an external cloud server.

Tools such as Canvas, ctcLink, Outlook email and others not located on the college’s local servers were not impacted by the attack.

“Due to the college’s rapid response on Feb. 14 and the ongoing work of the outside forensic team and our own IT staff, our primary goal has been to minimize the impact on students,” Mohrbacher said.

Individuals with questions about this incident may call “the dedicated and confidential toll-free response line” that the investigating parties have established at 1-855-544-2799 from 6 a.m. to 3:30 p.m. Pacific Time Monday through Friday, excluding major U.S. holidays.