Cyber Incident Victim: Lewis-Clark State College
Date:
Mar 2023
Location:
United States of America
Summary
Lewis & Clark College suffered a ransomware attack by Vice Society that disrupted campus IT systems and services, including phone networks and WiFi, prompting contingency measures for emergency communications. While the institution worked with external experts to restore operations and investigate the incident, the threat actors leaked stolen files containing sensitive personnel and student data dating back over a decade, potentially exposing extensive personal information and necessitating future notifications. System recovery efforts progressed with partial and full restorations as the college prioritized service resumption and data integrity amid an ongoing technical investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 3, 2023, Lewis & Clark College experienced a cybersecurity incident that disrupted IT systems and services across its campuses. The attack, attributed to the Vice Society ransomware group, caused partial or full outages of critical infrastructure, including campus phone services and the PioNet Guest Wifi network. Campus Safety’s primary phone line became intermittently inaccessible, necessitating the activation of a backup contact number for emergencies. The college’s IT department, assisted by external cybersecurity experts, initiated around-the-clock efforts to restore operations and investigate the incident. Despite the disruptions, the institution maintained academic continuity, with classes and campus events proceeding as scheduled. Restoration work progressed incrementally, with multiple systems reportedly returning to functionality by March 24, when the college last updated its public outage notification page. An accompanying FAQ emphasized the preliminary nature of the investigation, prioritizing system recovery and data integrity protection over premature conclusions about the attack’s scope.
By March 31, 2023, Vice Society escalated the incident by publishing stolen college data on its dark web leak site. The leaked files contained personnel records and student information spanning more than a decade, indicating extensive historical data exfiltration. Preliminary analysis by third parties suggested the compromised material could necessitate widespread notifications to affected individuals, though the college had not yet confirmed specific details or initiated formal disclosures at the time of reporting. The theft and publication validated the intrusion’s severity, transforming the initial operational disruption into a confirmed data breach. Lewis & Clark continued collaborating with forensic specialists to assess the full impact while maintaining sparse public communications focused on service restoration progress rather than the data exposure implications. No further updates regarding investigation timelines or notification plans had been issued beyond the March 24 statement.