Knox College: Internal investigation shows sensitive personal info may be compromised

Samuel Lisec
Galesburg Register-Mail

GALESBURG — An investigation of Knox College's ransomware attack revealed that “sensitive information may have been compromised as a result of the incident,” according to an internal email from Knox College. 

The college has reported the incident to the FBI and “will cooperate with investigation requests in an attempt to hold the perpetrator(s) of this incident responsible, if possible,” according to an email sent Dec. 9 from the school to the "Knox Community."

The compromised info “likely includes student, parent, staff, and alumni personal information” and the college was preparing to notify individuals whose personal information “we believe may have been impacted as a result of the ransomware attack,” according to the same email from Lisa Van Riper, the college's vice president of communications and information technology services. 

Internal Knox emails state that the college first discovered “unusual activity in its network environment” on Nov. 24, 2022. 

Hive Ransomware Group, a FBI-identified criminal organization, previously claimed credit for disruptions to Knox’s computer systems. A group claiming to be Hive sent an email to a number of Knox students on Dec. 7, saying the group encrypted “critical infrastructure and data,” compromised the college’s backup servers and mined social security numbers. 

Physical notices have been mailed to alumni and parents of Knox alumni, stating the leaked information may have included “your name, address, date of birth, Social Security number, driver’s license number, and passport number.”

More:Knox County sheriff says office will not cooperate with new Illinois weapons law

The letter states that the college is offering complimentary credit monitoring and identity protection services for 12 months through Internet Data Exchange, a digital identity protection company.

Van Riper confirmed that Knox sent the notices offering complimentary services through IDX, but did not answer how many letters were sent out.

Brad Brown, a parent who has a child enrolled at Knox, said last month he was “definitely concerned” about the ransomware attack. 

"Obviously the question was what data was exposed and that kind of thing," Brown said.

“I guess I know it's serious because I work in finance, but I guess I was pretty confident in the school that they would take care of it and protect the information,” Mark Chlichting, another parent of a Knox student, said.

More:Offensive tweets lead to scrutiny of Galesburg alderman

When asked Jan. 11 about the current state of the disruptions at Knox College, Van Riper wrote to The Register-Mail: “Winter term has successfully started and we are essentially fully operational.”

An internal Knox email addressed to the students, faculty and staff on Dec. 29 from Van Riper reminded the college community ahead of the start of its winter term on Jan. 2 to reset their passwords, set up two-factor authentication, have campus-owned computers scanned by IT and that a new campus network firewall has been installed. 

Knox College President C. Andrew McGadney announced in a Jan. 6 email to college faculty and staff that Van Riper will be leaving Knox on Jan. 18. Van Riper affirmed in a Jan. 11 email to The Register-Mail that her decision to leave Knox is not connected to the ransomware incident.

“As for my departure, my decision was solely for personal and family reasons,” Van Riper wrote in an email. 

More:Knox County DA: Sheriff's decision to not enforce assault rifle ban "problematic"

The staff update sent by McGadney on Jan. 6 states the school’s Information Technology Services department will now report to Brad Nolden, who became Knox’s vice president for administration and general counsel after leaving his position as city attorney for Galesburg last fall. 

The email also states James Stevens, the college’s senior director of digital initiatives in the communications department, will become Knox’s chief information officer and leader of its IT department and staff until a new vice president is hired.