April 20, 2024
Premium | Bureau County Republican
News

Intruder locks up IVCC emails, some servers

IVCC board authorizes hiring of investigators in emergency Saturday session

By Craig Sterrett

IVCC I.T. director Chris Dunlap (left) talks to college board members and staff on Saturday about "an intruder" locking up the college email and additional servers, affecting interdepartmental communications, email, the college website and student registration. The college is not aware of personal data being compromised or of online instructional programming being hindered. (Shaw Media)

Illinois Valley Community College hired a firm Saturday morning to investigate a breach of an email and interdepartmental communication system at IVCC after systems locked up at the college on Friday.

Initial investigation eventually resulted in the discovery of an email designed to lure IVCC I.T. staff to click on the email and follow instructions for unlocking the systems. Instead of taking the bait, IVCC staff members called for help from an outside contractor.

Illinois Valley Community College President Jerry Corcoran applauded staff members for their prudent and cautious actions.

"Time is of the essence" in the search for the solution to and investigation of an internet breach that locked up college servers and emails, which was detected Friday at Illinois Valley Community College. That was the word Saturday morning from Cheryl Roelfsema, Vice President for Business Services & Finance/Treasurer, at an online Zoom emergency meeting called by the IVCC Trustees and administration.

Roelfsema said in addition to blocking emails, the issue hinders registration for courses, which is ongoing.

One problem is, it's uncertain how long it will take to find the cause of or culprit in the breach, IVCC officials heard on Saturday.

"We know this touches a lot of people, and our faculty and staff," said Jane Goetz, IVCC board president. Goetz said the breach and lock-up of servers does not affect all operations, but it needs to be fixed. She asked if there is a possible cost of a solution, to which attorney Walt Zukowski said no maximum price is definite.

College officials on Friday said the breach does not affect the college's ability to deliver educational services to students during the state's stay-at-home-order.

The board voted Saturday to authorize the IVCC administration to enter a contract with Rehmann Robson LLC, to investigate and help solve the data breach. Roelfsema said the college has up to $100,000 in insurance coverage for the matter. Additional companies who were involved in helping with IVCC information technology in the past may get involved, as well, but Corcoran said Rehmann would take the lead. For instance Robert Ferrilli, whose firm already works with IVCC I.T., called Saturday and offered to help.

In addition to finding a solution, a forensic investigation will take place, and Chris Dunlap, IVCC Information and Technology Services Director, informed the board that initial investigation indicates an intruder locked up IVCC servers.

IVCC officials, noting what appear to be eerie similarities to a breach and ransomware attack that affected La Salle County governmental computers, said they would contact county IT personnel and officials. Corcoran said there was an email message from the possible intruder, but he said he would know more about the contents of that email after an investigator looks carefully and more deeply into the matter.

The board was able to meet without 48-hour notice because of the need to expedite the investigation, and board members heard that the state's attorney, Attorney General, FBI and other law enforcement may be contacted.

"On my way to work yesterday morning I received a text from a member of the administration who gave me a heads up that the email system seemed to be not working, as well as the website," said IVCC President Jerry Corcoran. "That triggered me calling Chris Dunlap as well as Cheryl Roelfsema to begin looking into it. They did. The more time they spent looking into it, Chris, with his team, eventually it became clear that an outside intruder must have gotten into the system, locked up the servers, locked up the email system and locked up Colleague which we are also dependent upon for everything we do around here. That triggered the next step, as to those with whom we had worked with in the past, whether there was a possibility of a data breach, the possibility of a system that's compromised."

As the investigation proceeded, college officials knew they would need outside help and need to have an emergency meeting before authorizing spending on the matter.

"Chris and Cheryl started a conversation with the outside consultant, and in the spirit of transparency we wanted to let the community and our board of trustees bring everybody up to speed on where we are and what the options are," Corcoran said.

Dunlap said he and peers started trying to find out why the servers were down.

"We realized that the file servers had been locked by an outside entity. We then gave a call to Rehmann," Dunlap said, referring to a firm the college already was working with for services such as I.T. security audits. "We knew that they also did these type of services. Throughout the afternoon and evening we met with those folks a couple of times. They began some investigations. We didn't go much further than that because we needed everyone's approval to start spending. And they needed to hear back from us."

On Friday, college officials said they were not aware of any personally identifiable information having been released as part of the breach. Still, college officials recommend anyone concerned about their information security should deal with the matter as they deem appropriate.