NJCU RANSOMWARE ATTACK – New Jersey City University’s computer network fell victim to a ransomware hack this past week. The group responsible for the cyberattack demands $700,000 in Bitcoin, lest the sensitive data of staff, students and faculty be released.
The university informed students and staff of the June 4-10 breach nearly two months after its occurrence. The data haul included social security numbers, bank account data, and driver’s license numbers. While the exact amount of victims is not known for certain, the century-old school and its 6,000 undergraduate and graduate population are at risk of having their sensitive information stolen. School officials remain hesitant to share when the attack came onto their radar.
“In June 2024, our computer network was accessed without permission by an unknown actor,” the university said in a post on its webpage. “In response, we immediately notified law enforcement authorities, took steps to secure our computer network, and conducted a thorough assessment of the matter to determine what happened and how it may affect information that was stored on the network.”
Hack Manac, a cybersecurity company which tracks various cyber security threats across the country, asserts that Rhysida Ransomware Group is responsible for the hack and is demanding 10 Bitcoins ($700,000 USD) by Aug. 3. A spokeswoman could not be reached for comment. Sentinel One, another cybersecurity company, said Rhysida believes it is doing “victims a favor” by highlighting security issues. A university spokesman and a spokesman for the state Department of Homeland Security did not respond in time for comment.
The university plans on offering complimentary identity monitoring for individuals affected by the data breach. “We will also provide the number for a dedicated assistance line where individuals can call in and confirm if they were potentially affected if they did not receive an email,” the university said. “NJCU is arranging resources to assist with notifying individuals and providing complimentary identity monitoring. NJCU will send notices when available.” The university has yet to open up the phone line service.
Moreover, in its post, the university urged individuals to “remain vigilant against incidents of identity theft and fraud by reviewing their financial account statements” and “monitor their free credit reports for suspicious activity”
NJCU also claims that they will evaluate additional technical security measures and practices to reduce the risk of re-occurrence. This cyberattack comes at an inopportune time for the 100-year-old institution. This incident comes in the fallout of a $22.7 million operating deficit in 2022, and a March 2025 deadline from the state of NJ to cut $30 million off the university’s long-term debt. The long-term amount currently sits at $287 million.
Sourced from nj.com. Read more articles on cybersecurity and digital safety here.