Cybersecurity Incident

Data Security Incident Update

January 14, 2022

In September 2020, Guilford Technical Community College (GTCC) became victim to a ransomware attack. As a result of the attack, certain systems within GTCC’s environment were encrypted and inaccessible. Once the attack was discovered, GTCC immediately launched an investigation, with the assistance of leading cybersecurity experts, the FBI, and other state agencies into the nature and scope of the attack. The forensic investigation confirmed that the cybercriminal(s) gained access to GTCC's network to perpetuate the attack and that personal information may have been accessible as a result.

Unfortunately, the forensic investigation was unable confirm what personal information was impacted. Out of an abundance of caution, on November 5, 2020, GTCC proactively notified all current and former faculty, staff, and students at GTCC from 2010 to the date of the incident of the potential theft of private information.

Following the November notification, GTCC launched an extensive data mining effort of its entire network, with the assistance of leading cybersecurity experts, to identify any additional individual that had personal information present on GTCC's network at the time of the incident. Due to size and complexity of GTCC's network infrastructure, the cybersecurity experts were required to restore systems and utilize automated and manual methods to search for personal information. Unfortunately, despite GTCC's diligent efforts, the data mining effort took a significant amount of time.

Upon completion of the data mining, GTCC received a list of all individuals whose personal information was present on GTCC's network at the time of the incident. Again, there is no confirmation that this personal information was accessed or acquired by the cybercriminal. Out of an abundance of caution, GTCC is notifying these individuals of the incident. GTCC mailed notice to those individuals for whom it had a valid mailing address on January 13, 2022.

If you did not receive this notice or the November 2020 notice, and would like to know if your information was present on GTCC’s network at the time of the attack, please contact GTCC’s dedicated call center at (855) 604-1721. The call center is available from 9 a.m. to 9 p.m. EST Monday through Friday.  

GTCC takes information security seriously. Since the attack, GTCC has reviewed its policies and procedures, implemented additional safeguards to better protect against a similar attack in the future, and transitioned to a cloud-based environment.