Three colleges across the U.S. have been hacked. And now, the hackers are seeking a big payday before they hand over information.
Oberlin College in Ohio, Iowa-based Grinnell College, and New York’s Hamilton College were targeted recently by hackers that stole data on students applying for admission to their schools, according to The Wall Street Journal. The hackers were able to dupe college staff members into handing over passwords and took control over databases that housed student applicant information.
Those who stole the data are now seeking one bitcoin–currently traded at approximately $3,800–from students to retrieve their “entire admission file,” including teacher recommendations, admissions department comments, and more.
According to the Journal, each of the colleges used a platform called Slate from Technosolutions to manage their admissions processes. After getting access to the college networks by obtaining passwords, the hackers reportedly targeted the Slate software running on the college networks and obtained the data.
Technosolutions CEO Alexander Clark told the Journal in an interview that the company has been in contact with the three colleges. He said that he’s requested they “review the security practices of their single sign-on and password reset systems.”
The hack followed a script often used by hackers to gain access to sensitive data. They first create a phishing e-mail to dupe users into believing it’s legitimate, get someone to unwittingly provide credentials, and then steal data. Single-sign on, which Clark references, paves the way for hackers to steal data without anything other than a password. Many security experts now suggest people use a two-factor authentication system that includes inputting a password and a code sent to their e-mail or smartphones to verify their identities.
In interviews with the Journal, the colleges said that they’re investigating the matter and informing affected students. They all plan to continue on in their admissions process.
Technosolutions did not immediately respond to a Fortune request for comment.