Who: Oberlin College, Grinnell College, Hamilton College

# of Accounts Breached:

What was affected: Admissions database

When it happened: March 2019

How it happened: The mysterious sender offered the student a chance to see his file, including comments by admissions officers, assigned ratings, interview notes, teacher recommendations, and a tentative decision. “Although the price tag is substantial,” the message said, “this offer presents a unique opportunity to look at yourself from the inside of Grinnell Admissions office absolutely unfiltered.” All he had to do was pay one Bitcoin, or about $3,900.

Outcome: Technolutions, had advised colleges using Slate to review security practices for their single sign-on and password-reset systems. In an email to Slate users on Thursday the company strongly encouraged the use of two-factor authentication in single sign-on systems.