PHOENIX — Maricopa Community College District announced Wednesday that about 2 million students, employees and vendors may have had personal information hacked.
District officials are not sure if any of the information has been used. Federal authorities alerted the district of IT security issues in late April and launched an investigation.
Chancellor Rufus Glasper said in a statement, “On behalf of the district, I deeply regret that this occurred and am leading a thorough response
designed to prevent this from happening again. We are examining
every aspect of our IT operations, and the changes underway are making us stronger system-wide.”
Exposed information included Social Security Numbers and bank accounts but not credit-card information.
The problem was that outsiders were able to remotely access the district’s
computer system, and a skilled person could review and even download data. The
district is disciplining several information technology employees, district
spokesman Tom Gariepy said.
“We’ve attributed that lack of security to the failures of certain people with
IT responsibilities who did not live up to the expectations that we placed on
them,” he said.
Among the corrective measures the district is implementing is installation of new security tech, taking portions of some of the systems offline until they can be upgraded and an independent review of security policies and procedures. The district will notify nearly 2.5 million students,
suppliers and employees by mail of the potential that their information was
compromised and will provide credit monitoring and other services, Gariepy said.
The district expects to spend about $7 million to notify those affected, staff
a call center to handle inquiries and provide credit monitoring and counseling
to any affected person who requests those services.
There are 10 colleges in the system: Chandler-Gilbert, Estrella Mountain, GateWay, Glendale, Mesa, Paradise Valley, Phoenix, Rio Salado, Scottsdale and South Mountain.
The Associated Press contributed to this report.