On March 19, the office of the Chancellor sent a district-wide email throughout the nine Maricopa Community Colleges stating that they would be extending the spring semester due to what they characterized as “suspicious activity” that appeared to be “the early stages of a cyberattack” against the Maricopa data systems.

However, at 2:12 pm on March 16, students and faculty received an alert via RAVE and SMS text stating that the IT systems were down due to an “emergency maintenance” procedure.

After MCCCD media contact, Desi Danzig responded to questions via email from The Arizona Republic about the district-wide message referring to an “emergency maintenance” shutdown—Danzig clarified the statement to include—unauthorized, “suspicious activity” had been detected and appeared to be the “early stages of a cyberattack.”

Danzig also stated that the district was working with “forensic partners” to ensure that the systems were secure enough to “reestablish connectivity and resume business as usual.”

Since the announcement regarding the cyberattack and the subsequent shut-down of the district-wide Maricopa Community College IT system and the extension of the spring semester— students, faculty nor staff have received detailed updates on what actually happened—or, more importantly, what kind of personal or personnel information may have been compromised.

Faculty and staff have been especially concerned about their personal banking information such as direct deposits made from the district to banking institutions, social security numbers, home addresses, phone numbers and even sensitive personnel data.

The district has not publicly provided further information or reports that would specify areas where information might have been compromised or stolen through the attack.

Concerns raised by some faculty include the fact that they were not notified sooner of a possible “cyberattack” and were left to assume for several days that the shutdown was an IT maintenance or update issue.

Some faculty that contacted Northeast Valley News expressed concern over what they have seen as an increase in personal email and text messages that are suspicious. One faculty member described four weekly text messages claiming bank transactions that were not made.

The at-risk personal information of faculty, staff and students could be far reaching in a cyberattack.

Many Maricopa students are equally concerned about personal information as well as grades, classroom input and private correspondence. Although some students talked about the inconvenience and confusion of the shut-down, most students we spoke with were relieved that a two-step system of identification was put into place.

Faculty are less confident in Maricopa’s track record on any system-wide management of information including the payroll debacle of a few years ago—a mismanagement that is still negatively affecting some employees.

And this spring is not the first time that the district has been attacked.

In 2013, hackers leaked the personal information of more than two million students and faculty.

The 2013 attack caused an uproar from students and faculty alike, for the length of time it took to get the situation under control and to notify those whose information was hacked.

One faculty member who spoke to nevalleynews.org on the condition of anonymity was upset by the lack of information—early on, from the administration and their subsequent silence since the attack.

“It would have been helpful to know that my banking information was possibly accessed so I could decide whether or not to cancel my bank cards or at least monitor them. Everything I have heard about cyberattacks—well, I guess the damage is pretty much done—but if they still have my personal information they could try to use it.”

Hackers don’t necessarily use stolen information right away—it could be accessed for years to come.

Eva Casey-Velasquez of the Identity Theft Resource Center, told NBC News in a 2019 report that even though the numbers of U.S. data breaches dropped from the previous year if breaches are down, but more records are stolen at once, that’s a serious problem.

“This is telling us that we are creating a system and process that is easier for the thieves to compromise and we’re collecting and storing more and more data in single places, so that the criminals only have to commit one hack, or one breach of that institution to get all of those records.”

And hackers no longer need to sift through Facebook or Instagram to gather the occasional innocently posted personal information—with one hack, in the right place—there’s a gold mine of personal information vulnerable to a cyberattack.

Most faculty we spoke with have already changed their passwords and access codes or other information but some individuals have reported receiving texts specific to their banking institutions or other frequent sites asking for verification on particular personal information and suspicious activity in the way of phone calls, texts, and emails—many are stating that a purchase was made on their account and the institution needs additional banking information.

Northeast Valley News contacted Matthew Hasson, Chief Communications officer of Maricopa Community Colleges, to find out what he may know about the specifics of the attack and what, if any, personal information was in fact compromised.

We asked if a final report on the attack was imminent.

Although Hasson did not deny the possibility of an information leak, he stated that as of now:

“There is- there is no evidence that any student or employee information has been compromised.”

According to Hasson, there is “absolutely” going to be a final report of this event but he “can’t put a date on it but [he] can anticipate it won’t be much longer.”

Even though MCCCD were forthcoming with the new changes that they have made to ensure that an attack of this magnitude would not happen again—some faculty and students fear that the damage may have already been done—others are not as trusting that it won’t happen again.

And not unlike the event of 2013, some students and faculty have been waiting to find out what personal information might have been accessed in the cyberattack.

Hasson referred to a final report—a thorough explanation might ease some of the concerns.