On May 3, 2023, Pacific Union College (PUC) found itself at the center of a cybersecurity storm. Initially labeled as a generic “cybersecurity issue,” it was later confirmed to be a targeted ransomware attack. The incident has left the personal information of current and former students, faculty, donors, and parents compromised. While PUC maintains that there is no evidence of personal information compromise, insights from the ransomware group responsible, Trigona, paint a different picture.
Did You Receive A PUC Notice Letter?
The breach timeline starts on April 7, 2023, when PUC first acknowledged a “cybersecurity issue” impacting internal networks, phone systems, and web services. Fast forward to May 3, 2023, and PUC updated their statement, confirming a ransomware attack but asserting no evidence of compromised personal information.
Databreaches.net took a step further and engaged with Trigona, the ransomware group behind the attack. Shockingly, Trigona claimed to have extracted a vast amount of sensitive data, including names, addresses, Social Security numbers, criminal history, and more. Notably, Trigona is known for its unique approach of privately selling data if the ransom is not paid, making it challenging for organizations to assess the extent of the breach.
Trigona revealed that it had been in negotiations with PUC for about a month before the talks fell apart. PUC, in a unique move, was shown a sample of the data and a listing by Trigona, although they were reportedly unimpressed. Trigona demands $200,000 for the data and promises to delete it if paid. If not, the data will be sold or auctioned off to the highest bidder.
Despite this, PUC has yet to provide updates on the situation since May 3. The college claims to have contacted federal authorities and cybersecurity teams to mitigate the situation, but the lack of transparency raises concerns about the true extent of the breach and the security measures in place.
What We Know About PUC:
Founded in 1882, Pacific Union College is a private liberal arts college affiliated with the Seventh-Day Adventist Church. Offering a range of academic programs, PUC is the sole four-year college in Napa County, California. The college, with over 400 employees and an annual revenue of approximately $32 million, emphasizes the privacy and security of personal information.
Trigona’s spokesperson disclosed that the attack began on March 27, with the group gaining access to PUC’s network weeks prior. The ransomware group claimed to have encrypted PUC’s network twice, highlighting the sophistication of their intrusion. Moreover, the revelation that PUC negotiated for a month sheds light on the college’s awareness of the situation and the potential compromise of sensitive information.
The aftermath of the breach leaves PUC at a crossroads. Trigona’s ransom demand puts pressure on the college, and the unique selling approach of the ransomware group introduces uncertainty about the fate of the compromised data.
PUC’s response, or lack thereof, raises questions about the efficacy of their cybersecurity measures and the transparency in dealing with such incidents. The college is obligated to notify affected individuals once the investigation concludes, but the delay in updates and conflicting statements contribute to a climate of uncertainty.
While data breach letters are yet to be sent, potential victims of the breach should take immediate steps to secure their information. Understanding the risks and implementing safeguards against identity theft and fraud is crucial. As the situation develops, affected individuals must stay informed and be proactive in protecting their sensitive data.
The Pacific Union College ransomware attack underscores the evolving landscape of cyber threats facing educational institutions. The breach serves as a stark reminder of the importance of robust cybersecurity measures and transparent communication in handling such incidents. As PUC grapples with the aftermath, the broader implications of this breach on individuals and the education sector as a whole remain to be seen. It is a call to action for institutions to prioritize cybersecurity and for individuals to stay vigilant in safeguarding their personal information in an increasingly digital world.