Campus Alert Archive
Rio Hondo

LockBit Ransomware Gang Encrypts Rio Hondo College Systems and Threatens to Publish Student Data by November 20

CAinfrastructure failureadvisorymedium confidence
Confirmed Threat

Between October 12 and October 19, 2023, an unauthorized party accessed Rio Hondo Community College District's computer network and launched a LockBit ransomware attack, encrypting portions of the IT network and limiting campus functions for days. Rio Hondo, serving more than 31,000 students in the Los Angeles metro, had its website, Canvas learning platform, and AccessRio student portal taken offline. LockBit added the college to its public data leak site on October 31, 2023, demanding payment by November 20 and threatening to publish stolen student data.

Alerts
3
Response
Killed
0
Injured
0
Institution
Rio Hondo Community College District
Community College · CA
~31,000 studentsRio Hondo Emergency Notification
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTWebsite
Approximate reconstruction440 chars
Rio Hondo Community College District has experienced a cybersecurity incident affecting portions of our IT network. Our website, Canvas, and AccessRio student portal are currently unavailable. We are working with cybersecurity experts to investigate and restore systems as quickly as possible. Financial aid disbursements may be delayed. In-person services are available at campus locations. We will provide updates on restoration progress.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The specific mention of financial aid disbursement delays is significant for a community college serving a largely low-income student population in the Los Angeles metro area.
Rio Hondo's service area in Whittier and Pico Rivera includes a high proportion of first-generation college students for whom Canvas disruption directly impacts academic progress.
UPDATEFacebook
Approximate reconstruction355 chars
Rio Hondo College is pleased to announce that our website, e-learning software Canvas, and AccessRio platform have been fully restored and made accessible. Our IT team continues to work on remaining systems. We thank our students and staff for their patience during this disruption. Financial aid disbursement services will be restored in the coming days.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The four-day window from attack detection (October 19) to Canvas restoration (October 23) reflects reasonably rapid response, likely aided by the fact that Canvas is a cloud-hosted platform not stored on local servers.
The college used Facebook as a primary communications channel during the outage -- standard practice when both the institutional website and email systems are compromised.
FOLLOW-UPEmail
Approximate reconstruction565 chars
Rio Hondo Community College District is notifying current and former students and staff that personal information may have been accessed without authorization during a ransomware attack that occurred between October 12 and October 19, 2023. The information potentially accessed includes names, student ID numbers, Social Security numbers, financial aid records, and enrollment information. We have reported this incident to the California Attorney General. We are offering complimentary credit monitoring services. Please contact [number] for additional assistance.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The four-month delay between the October 2023 attack and the February 2024 breach notification reflects the lengthy forensic investigation required to determine the scope of data access in ransomware incidents.
Filing with the California AG's office rather than solely with the federal HHS OCR reflects the applicability of California's state-level breach notification laws to community college data.
Context

Background

Rio Hondo Community College District, headquartered in Whittier, California, is one of the larger community colleges in the Los Angeles region, serving approximately 31,000 students. The LockBit ransomware attack between October 12-19, 2023 was discovered on October 19 when portions of the college's network were found to be encrypted. LockBit, at the time one of the most active ransomware operations globally, added Rio Hondo to its public dark web leak site on October 31, 2023, setting a November 20 deadline for payment. The college restored Canvas and its AccessRio student portal by October 23, and financial aid disbursement services the following day -- a relatively quick technical recovery. However, the data breach implications were not resolved quickly. Rio Hondo filed a notice of data breach with the California Attorney General on February 27, 2024, confirming that the unauthorized actor accessed confidential information belonging to current and former students, including names, Social Security numbers, and financial aid records. LockBit itself was disrupted by an international law enforcement takedown in February 2024, roughly the same month as the breach notification, but it is not confirmed whether Rio Hondo's data was published before the operation was dismantled.
Analysis

Key Findings

LockBit ransomware attack on Rio Hondo between October 12-19, 2023 encrypted portions of the college's IT network.
Website, Canvas, and AccessRio portal were offline; financial aid disbursements delayed.
LockBit added Rio Hondo to its dark web leak site October 31, 2023, with a November 20 payment deadline.
Canvas, AccessRio, and financial aid systems restored within 4-5 days.
Data breach notification filed with California AG February 27, 2024, confirming unauthorized access to student records including SSNs.
Outcome
Canvas, AccessRio, and financial aid disbursement systems were restored by October 24, 2023. LockBit's November 20 deadline passed without confirmed payment. A data breach notice was filed with the California Attorney General on February 27, 2024, confirming unauthorized access to current and former student records.
Provenance

Sources

  1. News
    California community college Rio Hondo dealing with cybersecurity incident -- The Record
    therecord.media
  2. News
    Rio Hondo Community College data breach in the wake of ransomware attack -- GEANT Security
    security.geant.org
  3. News
    Cyberattack disrupts California community college -- SC Media
    scworld.com
  4. News
    Rio Hondo College data breach in 2023 -- BreachSense
    breachsense.com
Tags
ransomwarelockbitcommunity-collegedata-breachcanvas-outagefinancial-aidcalifornialos-angeles2023
Added May 2026Updated May 2026Via ingestion