On Sunday, Oct. 2, the IT team at Hartnell College noticed abnormal activity on the college's network. In response they manually shut down the network, and Hartnell officials say the activity "is related to a sophisticated ransomware attack."
“Once [the Information and Technology Resources staff] noticed the suspicious activity, the team immediately took the network offline out of an abundance of caution, and to prevent any further activity,” Chelsy Pham, vice president of ITR, said in a statement emailed to students on Friday, Oct. 7 from President/Superintendent Michael Gutierrez.
Hartnell officials are now working with an unidentified third-party investigator as well as federal law enforcement to investigate.
The college's Board of Trustees met in an emergency meeting on Wednesday, Oct. 5, to discuss the incident in a closed-door meeting. There was no action reported to the public.
Hartnell officials declined to respond to the Weekly's questions about why the meeting was noticed just about 90 minutes before it happened, although it was three days after the attack was detected. (The Brown Act, California's open meetings law, does allow for exceptions to meeting noticing requirements in the case of emergencies.)
"We are currently working with our third-party incident response partners to determine the nature and scope of the activity," according to the campus-wide email on Oct. 7. "Should our investigation determine information on our network was compromised, we will provide notification as required."
All Hartnell employees' passwords are being reset as a precautionary measure and parts of the network remain unavailable, Hartnell officials said in an emailed statement.