Cyber Incident Victim: Southwest Tennessee Community College
Date: Jul 2024
Location: United States of America
Summary
A cyber incident disrupted network systems at Southwest Tennessee Community College, prompting an investigation with forensic experts to determine the scope and restore operations. The attack caused significant system outages, impacting key platforms including the college portal, PAWS, and Banner, and necessitating remote work and learning. Summer II term classes and registration were delayed, with in-person registration extended while IT implemented mandatory DUO Security multi-factor authentication and password resets for account access. Campus child care centers remained operational, but bookstore services were initially suspended. The institution prioritized restoring academic functions and strengthening defenses, with IT teams providing extended support for password resets across multiple campuses as recovery efforts continued.
Description
Southwest Tennessee Community College first encountered server environment issues on July 3, 2024, initially described as technical problems before being identified as a cyber incident through forensic investigation. The college publicly confirmed the cybersecurity breach on July 7 after discovering malicious activity extending beyond the original server malfunction. This incident disrupted all network-dependent systems including the Southwest Portal (My.Southwest), PAWS learning management system, Banner administrative software, campus Wi-Fi, printing services, and email accessibility for users who logged out or experienced password expiration. The institution immediately engaged computer forensics experts to investigate the attack's scope while implementing emergency protocols that shifted all operations to remote work and learning modalities. Summer academic terms were significantly impacted, with the Summer II session delayed from July 8 to July 15 and registration extended through July 19, while the extended summer term was lengthened to August 15 to accommodate recovery timelines. Campus child care centers maintained normal operations, but Follett Bookstore locations remained closed except for online sales through an alternative domain.

The college initiated phased recovery efforts beginning July 12 with mandatory security enhancements requiring all users to install DUO multi-factor authentication and reset passwords by a July 14 deadline, with accounts locked for non-compliance. IT teams established in-person support stations across four campuses from July 15-19 to assist with password resets and technical issues while prioritizing restoration of academic systems. By July 15, partial functionality had returned, allowing email access for previously logged-in users, PAWS availability for instructors, and campus Wi-Fi reactivation, though printing services and full portal functionality remained offline. Academic operations resumed July 15 with in-person registration for Summer II and Fall 2024 terms conducted manually at campus locations, while FAFSA completion clinics proceeded as scheduled starting July 20. The administration extended grading deadlines for Summer I courses to July 19 and implemented manual timesheet tracking for hourly employees until UKG systems were restored. Throughout the incident response, the college maintained communication via temporary websites, social media, and email updates while coordinating with the Tennessee Board of Regents and state officials, though transcript services and some financial operations remained suspended pending full system restoration.
