Cyber Incident Victim: Piedmont Community College
Date: Aug 2020
Location: United States of America
Summary
Piedmont Community College experienced a ransomware attack that disrupted critical systems, including VPN access and phone services, necessitating an extended recovery period with incremental restoration over several weeks. The institution faced criticism for inadequate IT preparedness, including compromised backups, insufficient patching, and excessive local admin privileges, compounded by alleged understaffing and reliance on a single contractor. Despite receiving state funds for hardware and services, PCC declined to disclose attack specifics—including ransomware type, intrusion vector, or potential data exfiltration—to media outlets or stakeholders, raising concerns about transparency regarding risks to student and employee personal information. An anonymous source indicated the college had been warned about vulnerabilities prior to the incident.
Description
On August 24, 2020, Piedmont Community College (PCC) in North Carolina detected a cyber-incident, later confirmed as a ransomware attack. The institution responded by taking critical systems offline, including VPN access and other essential services, by the end of the same day. PCC provided its first public update on October 1, acknowledging the ransomware event but omitting details such as the ransom demand, malware variant, or backup restoration status. The college cited legislative funding from Rural Broadband Access Funds to procure replacement hardware and services for system recovery. Two months post-incident, PCC had not disclosed whether student or employee data was accessed or exfiltrated, nor had it communicated specific protective measures for affected individuals. Systems remained under restoration, with no confirmation of full recovery timelines.

An anonymous source with claimed knowledge of PCC’s operations alleged systemic IT deficiencies preceding the attack, including inadequate patching and compromised backups affecting Windows, Solaris, and phone systems. The phone system reportedly required restoration to an early August backup, disrupting voicemail and features for end users. Systems were nonfunctional for four weeks during rebuilding, followed by incremental improvements over the next two weeks. The source attributed these challenges to understaffing, inexperienced personnel, and reliance on a single contractor for critical infrastructure. PCC allegedly granted local administrator rights to 36–49 users, potentially expanding the attack surface. Neither PCC nor state officials disclosed the ransomware’s intrusion vector or name. Despite media inquiries, PCC’s president declined to share details, and as of late October the college had issued no public notifications to students, faculty, or staff regarding potential personal data exposure.
