New Jersey City University faces massive data breach

New Jersey City University is notifying students of a ransomware attack that may have compromised sensitive personal and financial data.

University officials confirmed the cyberattack occurred between June 4-10, but are only now notifying students and staff.

In a statement on their website, officials say, "The types of information that could be affected varied by individual, but the information collectively included name, Social Security number, driver’s license number, financial account number, and credit card number."

Affected individuals are being notified directly and are being offered free credit monitoring.

What happened?

New Jersey City University said in a statement their "computer network was accessed without permission by an unknown actor and certain files may have been copied without permission."

While NJCU confirmed this was a "ransomware event," they refused to say if they paid the ransom.

A cybersecurity company that tracks such data breaches and attacks claims the Rhysida Ransomware Group is responsible for the NJCU attack.

Hack Manac claims on its website that Rhysida was able to capture sensitive information and has threatened to release it publicly unless NJCU pays $700,000 in Bitcoin ransom.

NJCU would not confirm those details.

School officials say the "unauthorized activity was remediated" and it is safe to use the university's computer system.

A special hotline to answer questions about the breach is being set up, but NJCU did not say when it would be operational.