Cyber Incident Victim: Mount Saint Mary College
Date:
Dec 2022
Location:
United States of America
Summary
Mount Saint Mary College experienced a ransomware attack by the Vice Society gang, which disrupted systems and prompted network disconnections. The institution did not comply with ransom demands, involving the FBI and engaging cybersecurity experts to rebuild systems and enhance security protocols. Operational impacts included a brief delay to winter classes, though the spring semester commenced as scheduled. Personal information of individuals affiliated with the college over the past decade may have been accessed, leading to notifications and offers of credit monitoring and identity theft protection services alongside a dedicated call center for affected parties.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Mount Saint Mary College, a liberal arts institution in New York, experienced a confirmed ransomware attack on December 20, 2022. The Vice Society ransomware gang—a group notorious for targeting educational institutions—publicly claimed responsibility for the breach on its dark web leak site on February 9, 2023, as highlighted by cybersecurity expert Dominic Alvieri. Attackers successfully accessed and disabled portions of the college’s systems, prompting immediate containment measures. College officials disconnected affected network segments and engaged cybersecurity specialists to assist with remediation. Law enforcement, including the Federal Bureau of Investigation (FBI), was notified promptly. The college received a ransom demand but refused payment in alignment with FBI guidance. Over subsequent weeks, IT teams worked continuously to rebuild compromised systems, enhance network security protocols, and minimize operational disruptions. Winter interim classes resumed after a 48-hour delay, while the spring semester commenced as scheduled on January 23, 2023, with no further interruptions to academic activities.
The incident exposed personal information of individuals affiliated with the college over the preceding decade, including students and employees. Mount Saint Mary proactively notified affected parties via mailed letters and offered complimentary credit monitoring and identity theft protection services for an unspecified duration. A dedicated call center was established to address inquiries. With approximately 2,500 enrolled undergraduate and postgraduate students, the breach carried significant privacy implications. Vice Society’s dark web post on February 9 triggered additional analysis by the college and its cybersecurity partners to evaluate the leaked data’s contents and scope. The group’s history of attacks on educational entities—including the Los Angeles Unified School District in September 2022, Cincinnati State College, and multiple universities—underscored the systemic threat posed to the sector. No data exfiltration specifics or financial losses beyond remediation costs were disclosed by the college. Operational recovery efforts prioritized maintaining academic continuity while reinforcing defenses against future intrusions.