NORMAL — As the investigation continues into a cyberattack five weeks ago, Heartland Community College has informed faculty, staff and students that some personal information may have been accessed.

Information of former students and employees may also have been accessed in the cyberattack that was discovered Oct. 5, according to the college.

Scott Bross, chief information officer, said the cybercriminals gained access to a system that contained confidential information but the consultants working with the college have not found evidence that the information was exported from the system.

If any individual’s information was transferred out, the college will notify the individual directly, said Bross.

The college initially contacted the Normal Police Department and the FBI is also involved. It is an ongoing criminal investigation and information on who may be behind the attack or whether they are within or outside of the county or whether the attacker or attackers have been identified is not being disclosed, said Heartland spokesman Steve Fast.

A third-party forensic team has not been able to find the point of entry that started the cyberattack, Bross said.

The attack had the earmarks of a ransomware attack, in which files are encrypted and held hostage until a “ransom” is paid. Bross said, “We did not need to pursue that path” because the college had the information backed up in other locations.

But the attack was costly in other ways — disrupting online operations at a time when nearly all classes were being taught online and tying up personnel working to recover systems.

About 60% of the college’s 200 servers were directly affected by the attack, but Bross said everything had to be disconnected to determine what was affected. He said the college is about 80% of the way back.

First priority when to getting classes back online. That took about a week.

The next challenge is spring semester registration, which started Tuesday for current students.

“It’s been a real cleaning house experience” to make sure all devices connected to the network have up-to-date security systems, said Bross.

“We’re closing all the doors and checking all the corners,” he said.

The college has added new security measures including an EDR or Endpoint Detection and Response security system that monitors for unusual activity and notifies the college if any is detected. The college also is using an email filtration system to help identify potential threats sent through emails.

Bross said cybercriminals in the past have included malware in emails and more recently use impersonation as a tactic, tricking someone into believing an email is from their employer or bank.

His advice is to not open any attachments that look unusual or suspicious and not to respond directly to emails that are requesting personal information.

Fast said employees will go through cybersecurity training just as they might go through other annual training on such things as preventing sexual harassment.

