Cyber Incident Victim: Lansing Community College
Date:
Mar 2023
Location:
United States of America
Summary
A cyberattack disrupted Lansing Community College's operations, leading to the suspension of all classes, events, and activities, with specific exemptions for certain training programs. The incident caused widespread system outages, including campus Wi-Fi and online course platforms, prompting the institution to disconnect its servers and internet as a precaution. With assistance from third-party specialists and law enforcement, the college initiated an investigation and began restoring services incrementally. While no evidence of ransomware or unauthorized data access was confirmed, technical issues persisted during recovery, including temporary malfunctions in password reset functions. Normal operations resumed gradually, though disruptions affected the institution’s approximately 19,000 students.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Lansing Community College (LCC) experienced a cybersecurity incident that disrupted operations beginning on March 16, 2023, prompting immediate suspension of most activities. In response to the ongoing incident, the college canceled all classes, events, practices, and activities effective immediately through March 16 and 17, with exceptions for the Police Academy, Fire Academy, and Aviation Maintenance courses in Mason, which continued as scheduled. The college directed stakeholders to its Twitter account for updates while initial containment measures were underway. By March 17, the IT team identified suspicious network activity, leading to precautionary isolation of systems. Officials disconnected servers and internet access to prevent potential damage and contacted state and federal law enforcement agencies. Third-party cybersecurity specialists were engaged to assist with the investigation, which remained ongoing as of March 20. The college emphasized no evidence of ransomware or confirmed unauthorized access to personal data at this stage but committed to notifying affected individuals if the investigation revealed compromises.
The attack’s operational impact included a campus-wide Wi-Fi outage and cancellation of all online classes, which remained offline until at least March 21. Physical classes were similarly canceled on March 16–17, disrupting approximately 19,000 students enrolled across 230 programs. By March 19, the college restored Wi-Fi and began gradually bringing systems back online, though technical difficulties persisted, including nonfunctional password update tools. LCC advised students and staff to change passwords once the feature became operational. Despite restoration progress, the institution warned of residual technical issues during the recovery phase. No data breach was confirmed, but the investigation continued to assess whether threat actors accessed sensitive information. The incident reflects broader targeting of community colleges in 2023, with at least 13 U.S. higher education institutions reporting cyberattacks by mid-March, including a peer institution in Michigan recovering from a ransomware incident the prior year. LCC resumed limited operations by March 20, prioritizing system security while restoring services incrementally.