New Jersey City University hit by ransomware

New Jersey City University, a public school that enrolls 6,500 students, has been hit by ransomware and has until Saturday to pay $700,000 in bitcoin or risk having its sensitive data published online.

The cyberattack occurred between June 4 and June 10, but the university only notified staff and students last Friday, The Jersey Journal reported. Stolen data includes driver’s license numbers, bank account numbers, Social Security numbers and other personal information.

 “In June 2024, our computer network was accessed without permission by an unknown actor,” a post on the university’s website reads. “In response, we immediately notified law enforcement authorities, took steps to secure our computer network, and conducted a thorough assessment of the matter to determine what happened and how it may affect information that was stored on the network.”

A spokesperson from New Jersey City University referred EdScoop to its website, which includes frequently asked questions, including whether the university paid a ransom. “NJCU is not sharing that information,” the website states.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recommends that organizations hit by ransomware should never pay their attackers, because payment offers no guarantees that data is deleted and systems restored, and it encourages future attacks.

Ransomware is on the rise in education. The cybersecurity firm Zscaler this week published a report showing that ransomware threats are growing fastest in the health care and education sectors. Researchers found that educational institutions faced 217 ransomware attacks between 2023 and 2024, a 35% increase over the previous year.