Campus Alert Archive
PSCC

Finals Week Ransomware Attack Encrypts All Five Pellissippi State Campuses' PCs During the Night, Forcing TBI Response

TNotheradvisoryhigh confidence
Confirmed Threat

Overnight between December 5 and 6, 2021, a ransomware attacker encrypted all PC workstations and most servers at Pellissippi State Community College's five Knoxville-area campuses, shutting down internet access, Brightspace, and college email during finals week. The Tennessee Bureau of Investigation was brought in to assist, and a subsequent forensic review found that personal data including names, email addresses, and internal IDs of up to 206,000 current and former students, staff, and Tennessee Consortium for International Studies participants may have been compromised.

Alerts
3
Response
Killed
0
Injured
0
Institution
Pellissippi State Community College
Community College · TN
~10,000 students
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstruction320 chars
PSCC NOTICE: Pellissippi State is experiencing a network outage affecting all campuses. Internet access, Brightspace, and email services are currently unavailable. We are working to resolve this issue and will provide updates. If you have finals this week, please check with your instructor for alternative arrangements.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The college became aware of the cyber event at all five campuses on December 6, 2021, and shut off internet and network connections to contain the attack
An attacker had encrypted all connected PC workstations and most servers before the college discovered the incident
The outage struck during finals week, disrupting online exams and Brightspace access for students
UPDATEWebsite
Approximate reconstruction368 chars
PSCC UPDATE: The network outage was caused by a ransomware attack. We have engaged computer forensics experts and are working with law enforcement, including the Tennessee Bureau of Investigation. We are executing our Cyber Incident Response Plan. The incident has been contained. PSCC will not pay the ransom. We will provide further updates as services are restored.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Pellissippi State confirmed the ransomware attack on December 7, 2021, after initially characterizing it as a 'network outage'
The Tennessee Bureau of Investigation's Technical Services Unit provided assistance after the ransomware attack
The college publicly stated it would not pay the ransom demand
FOLLOW-UPEmail
Approximate reconstruction458 chars
PSCC DATA BREACH NOTICE: Our forensic investigation has identified that one system accessed by the attacker contained basic directory information including names, email addresses, internal ID numbers, and Pellissippi State passwords. If you are a current or former student, employee, or TCIS participant, your information may have been involved. Please call 1-855-604-1808 or email cyberresponse@pstcc.edu with questions. Free credit monitoring is available.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Data breach notifications were sent in February 2022, approximately two months after the attack
Up to 206,000 individuals may have been affected, including current and former students, staff, and Tennessee Consortium for International Studies participants
The main database and credit card payment systems were not accessed in the attack
Context

Background

In the overnight hours between December 5 and 6, 2021, a ransomware attacker infiltrated Pellissippi State Community College's network and encrypted all connected PC workstations and most servers across the college's five Knoxville-area campuses before the intrusion was detected. When the college discovered the attack, it immediately shut down all internet access and network connections between campuses to prevent further spread. The Tennessee Bureau of Investigation's Technical Services Unit was called in to assist along with contracted private forensic experts. The attack struck during finals week, disrupting online exams, Brightspace course management, and college email -- causing significant frustration among students. The college confirmed it did not pay the ransom. A subsequent forensic investigation found that one system had been accessed that contained basic directory information (names, email addresses, internal IDs, and Pellissippi State passwords) for up to approximately 206,000 current and former students, employees, and Tennessee Consortium for International Studies participants. The main student database and credit card payment systems were not involved. Data breach notification letters were mailed in early February 2022, offering free credit monitoring. The attack highlighted cybersecurity vulnerabilities at community colleges, which often have limited IT security budgets and a large, distributed user base.
Analysis

Key Findings

The ransomware encrypted all PC workstations and most servers at five campuses before discovery, demonstrating the speed and severity of a well-executed ransomware deployment
The timing during finals week maximized disruption, preventing students from accessing course management, email, and online exam platforms at the most critical academic moment
Pellissippi State declined to pay the ransom, consistent with law enforcement guidance and public institutional policy
Up to 206,000 individuals had basic directory information potentially exposed, among the larger community college data compromises of 2021
The attack triggered TBI involvement, reflecting how seriously Tennessee law enforcement treated cyberattacks against public educational institutions
Outcome
All campus PC workstations and most servers encrypted. Internet and network access shut down across all five campuses. Online finals disrupted. PSCC did not pay the ransom. One system was confirmed accessed, containing basic directory information for up to 206,000 individuals. Campus network and services were restored over subsequent days. TBI technical agents assisted. Data breach notifications sent February 2022.
Provenance

Sources

  1. News
    TBI assisting after Pellissippi State computer network brought down by suspected ransomware attack (WBIR)
    wbir.com
  2. News
    Pellissippi State Community College responds to ransomware attack (WVLT)
    wvlt.tv
  3. News
    Pellissippi State: Some info of current and former students/staff compromised in ransomware attack (WBIR)
    wbir.com
  4. Official
    FAQ about Pellissippi State Community College Ransomware Attack (Tennessee Board of Regents)
    tbr.edu
  5. News
    Pellissippi State ransomware attack leaves students frustrated (WATE)
    wate.com
Tags
ransomwarecyberattackcommunity-collegetennesseeknoxvilledata-breachfinals-weektbi-investigation
Added May 2026Updated May 2026Via ingestion