In-person classes are back in session for students, but the network remains down one week after Des Moines Area Community College identified a cybersecurity threat in its network.

When asked if the investigation has identified malware or ransomware attack on the network, a spokesperson referred the Business Record to statements updated daily on DMACC’s homepage, which does not identify the cause of the “data security incident.” The FBI joined DMACC’s IT department and outside cybersecurity analysts in the investigation on Tuesday.

“As you know, we shut down parts of our network in order to assess the situation, secure our network, and ensure that personal information was not impacted,” DMACC President Rob Denson said in a posted message. “To date, we have no evidence that any student or faculty information has been acquired or is at risk as a result of this incident.”

DMACC shut the doors at all 12 locations June 4, just as students, staff and faculty were preparing to begin summer term classes early this week. Online-only classes remained canceled on Thursday, June 10.

The DMACC cybersecurity investigation prompted Iowa House Speaker Pat Grassley to announce Wednesday that the Information Technology Committee will pivot its work from the governor’s broadband initiative to government cybersecurity issues, Radio Iowa reported on Tuesday. Grassley did not return requests for comment by the Business Record ahead of publication.

Between 2005-2020, Iowa K-12 and higher education institutions reported 27 data breaches, affecting 336,435 records, according to a 2020 report by CompariTech. Twenty-five of those breaches occurred at post-secondary schools, affecting 336,335 records.

Nationally, one of the largest education data breaches that occurred over that time took place in 2013 at the Maricopa County Community College district in Arizona, where the records of nearly 2.5 million individuals were made available online.

Community colleges share the same types of risk factors as other major university systems, hospital systems or corporations, said Emily Shields, executive director of the Iowa Association of Community College Trustees. IACCT represents 15 community colleges in Iowa. About one in 10 Iowans are engaged in community college services throughout the year, Shields said.

“We’re vulnerable to something that would take down our systems because we rely on them, but what organization or business can you point to today that wouldn’t say the same thing?” Shields said. “It’s really impossible to operate a college in today’s online world without those systems. That’s the world we’re in pretty much across the board.”

All of Iowa’s community college systems have an existing relationship with cybersecurity firms to support their IT staff in the event of a cyber threat, Shields said.

“We’re across the country seeing ramped-up threats and new types of threats, including things like ransomware. That requires us to work with those firms and learn from things as they happen,” she said.  

“The part where [IACCT] comes in is more about how we reflect on what happened, and what we can learn from it,” she added. “We’re really in an unprecedented situation across the board with these kinds of attacks happening, and everyone will be seeking to learn and adapt as we go.”