Cyber Incident Victim: Imperial Valley College
Date:
Aug 2020
Location:
United States of America
Summary
Imperial Valley College experienced a ransomware attack that disrupted critical systems, including student-information platforms like WebSTAR, Canvas, and telephone communications. The institution proactively shut down its entire network to isolate the malware and engaged cybersecurity consultants for remediation. While the investigation remained ongoing, officials acknowledged potential risks to personal identifiable information and stated affected individuals would be notified if compromised. The incident caused significant operational challenges, delaying student services such as registration, financial aid processing, and transcript requests ahead of the fall semester, prompting considerations for course start date adjustments. Alternative communication channels, including email updates, Zoom meetings, and a chatbox, were implemented to mitigate service interruptions during system restoration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 6, 2020, Imperial Valley College (IVC) detected a ransomware attack on its computer systems, prompting an immediate shutdown of its entire network as a precautionary measure to isolate the threat and prevent further spread. The college’s IT department, led by Chief Technology Officer Jeffrey Enz, initiated containment protocols and engaged external cybersecurity consultants to assist with forensic analysis and system restoration. By August 9, IVC officials confirmed via a letter to students that ransomware had impacted critical infrastructure, including student-information systems such as WebSTAR, Canvas, Starfish, Syllabi site, Contact Forms, and DegreeWorks, all of which remained offline. The telephone communication system was also disabled, rendering the college unable to send or receive calls. IVC’s administration, including Superintendent Martha Garcia and Vice President of Student Services Lennor M. Johnson, acknowledged the disruption’s severity, particularly with the fall semester scheduled to begin August 17 and projected enrollment of 7,000 students.
The college’s response focused on mitigating operational impacts while maintaining transparency through press releases, student emails, and website updates. Public Information Officer Elizabeth Espinoza stated on August 11 that restoration timelines were unclear, as IT teams prioritized ensuring the ransomware’s complete eradication before reactivating systems. Student Services implemented alternative communication channels, including scheduled Zoom meetings and a chatbox feature (“Ask Pepper”), to address enrollment, financial aid, and transcript requests during the outage. IVC officials confirmed the attack was under investigation but declined to disclose specifics about the ransom demand, infiltration vector, or potential data compromise, noting that if personal identifiable information was affected, impacted individuals and authorities would be notified. Board member Jerry Hart emphasized efforts to resolve the issue swiftly, acknowledging the attack’s disruption to pandemic-era online learning. By August 14, the college planned to provide further updates, though immediate consequences included potential delays to some fall courses and prolonged inaccessibility of registration portals and faculty grading systems.