Image: Joshua Hoehne via Unsplash

Tennessee, Georgia colleges respond to cyberattacks as school year wraps up

Hackers infiltrated networks of at least two colleges over the last week, disrupting the schools during the season of final exams and commencement ceremonies.

Tennessee’s Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.

Mercer University in Macon, Georgia, also suffered a cybersecurity incident, announcing Tuesday that hackers stole the sensitive information of students, parents and employees. The school was founded in 1833 and serves more than 9,000 students.

Chattanooga State, known locally as Chatt State, did not reply to requests for comment about whether its incident was a ransomware attack, but officials published a statement saying the school intentionally shut down systems over the weekend “to mitigate and investigate the cyber incident discovered on Saturday, May 6.”

The school’s National Signing Day event scheduled for Thursday was canceled, and it was forced to offer refunds or delay the start of classes scheduled to begin this week.

Most student services were downed by the attack, including systems for student IDs, parking passes, financial aid, academic advising, registration, bill payment, transcript requests, testing, disability services and more.

“The college community is rallying to get us through this moment,” President Rebecca Ashford said. “I am reminded of our college values that encourage us to demonstrate resiliency, trust, and care for each other during this challenging time.”

Law enforcement is now involved in responding to the incident alongside The College System of Tennessee, the State of Tennessee Attorney General’s Office and an unnamed cybersecurity vendor.

Tennessee State University — a public historically black land-grant university in Nashville — notified its more than 8,000 students just eight weeks ago that its IT systems were brought down by a ransomware attack.

‘Unauthorized access’ at Mercer

Mercer officials said the school “recently detected an incident involving unauthorized access to its computer network. In response to the incident, the University launched an investigation with the assistance of law enforcement and outside legal and technical consultants.” It did not specify who the outside experts were.

“Although the University has taken extensive measures to protect the privacy of its information, some data — Social Security numbers and driver’s license numbers — were removed from its systems without authorization,” Mercer said. “The University has found no evidence that personal financial information was removed.”

The school declined to comment further about the particulars of the incident. But a new ransomware gang named Akira added the school to its list of victims this week.

The gang listed another victim — BridgeValley Community & Technical College in West Virginia — last week. The gang has attacked dozens of businesses and schools since emerging in March, demanding ransoms from $200,000 to millions of dollars. Akira also offers victims lower ransoms if data theft — and not encryption — was involved in the attack.

Emsisoft ransomware expert Brett Callow has kept track of ransomware attacks on colleges and universities in 2023, noting that there have been at least 35 reported so far.

“There’s been a definite uptick in recent weeks, but spikes aren’t unusual,” Callow said, pointing to data from previous years.

“I suppose exam time is a good time to detonate the payload on already compromised networks,” he said.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.