MCCCD Technology Outage Update on the Investigation and Key Findings
Jun, 14 2021
The forensic investigation into the Maricopa County Community Colleges District’s (MCCCD) recent security incident has concluded and we are providing an update on the investigation and its key findings.
First Indications & Response:
On Tuesday, March 16, 2021, the MCCCD third-party monitoring vendor detected suspicious activity on a system within the network. The information we had at the time suggested it could be a precursor to a cyberattack, which we take very seriously. To protect our systems and data, we immediately implemented our incident response protocols and at the advice of experts, took all systems offline. We hired a team of experts to investigate the suspicious activity and guide us through the containment and restoration process.
Key Investigative Findings:
The forensic investigation determined MCCCD likely identified and prevented a potential ransomware attack before the attackers could encrypt systems. This is largely due to the continued investment in security and training MCCCD has implemented over the past several years.
Additional key findings from the investigation included the following:
- An attempt was made to download a file that includes names, dates of birth, email address and hashed passwords for Maricopa user accounts. The investigation found no evidence this file ever left our system, however, out of an abundance of caution, we did not permit MCCCD users to access applications unless they changed their password. We are distributing a notification to all MCCCD users with information about this data security incident, tips for creating strong and complex passwords, and details on steps students and staff can take to further protect their information.
- The student information and human resources management systems are not hosted within the MCCCD network and were completely unaffected by this incident. We are confident that no student or employee information from these systems, such as social security numbers, educational information or financial data was compromised as a result of this incident.
- No evidence of insider wrongdoing was found.
Moving forward, MCCCD will continue to invest in systems, training and technology to evolve our defenses to mitigate future threats. We thank the entire MCCCD community for their patience during this process, and for allowing us the time to investigate and securely restore systems. This time proved to be valuable in containing the threat early, allowing us to investigate, and reinstating our systems with the highest confidence that our networks were secure.