NOCCCD | News & Announcements | Update on Data Security Incident
What happened?
On Monday, January 10, 2022 the North Orange County Community College District (NOCCCD or the District) identified suspicious activity on various network servers. The District began investigating the activity with the assistance of outside computer forensic specialists to determine the nature and scope of the incident. The District learned that an unauthorized actor accessed both Cypress College's and Fullerton College's networks at varying times between approximately December 7, 2021 and January 10, 2022. Files containing information for certain individuals may have been viewed and/or taken by the unauthorized actor.
What is the District doing?
Upon becoming aware of this issue, the District launched a response to secure our network, restore college operations, and investigate what happened. We are also coordinating with the colleges to review and enhance existing policies related to data protection, and have implemented multi-factor authentication as well as an advanced threat protection and monitoring tool to better protect data. New and expanded employee cybersecurity trainings are being implemented throughout the District. We reported this incident to relevant regulators, as appropriate. We have also reported this incident to the FBI.
What data was impacted?
Once the attack was discovered, the District immediately launched an investigation with the assistance of leading cybersecurity specialists into the nature and scope of the attack. The forensic investigation confirmed that the cybercriminals gained access to our networks, and that personal information may have been accessible as a result.
The potentially impacted data may vary by individual. NOCCCD sent mailed letters to impacted individuals and provided notice via this posting as well as a posting on Fullerton College's website: https://isc.fullcoll.edu/ and Cypress College's Dental Clinic website: https://emma-assets.s3.amazonaws.com/uzxbb/600300ce7fae020e6a786cfc208e387d/NOCCCD_-_Substitue_Notice__dental_clinic_.pdf.
I didn't receive a letter, is my information impacted?
On March 25, 2022, NOCCCD began mailing formal notification letters to impacted individuals. If you did not receive a letter but you believe that your information was impacted please call 1-833-783-1440 between the hours of 6 a.m. to 6 p.m. PT Monday through Friday.
Was this a ransomware attack?
Yes, Cypress College and Fullerton College experienced a ransomware attack. Cypress College and Fullerton College immediately took steps to confirm the security of their systems, including the deployment of an advanced threat protection and monitoring tool.
What if I want to speak to someone regarding this incident?
We have established a confidential assistance line for you to utilize if you have questions or concerns regarding this incident. Please call 1-833-783-1440 between the hours of 6 a.m. to 6 p.m. PT Monday through Friday.
What can I do to protect against identity theft or fraud?
Although NOCCCD has no indication at this time that any identify theft or fraud has occurred in relation to this event, the following are best practices to take after any data privacy event:
Monitor your financial statements carefully. If you see any unauthorized or suspicious activity, promptly contact your bank, credit union, or credit card company.
Monitor your credit reports for suspicious or unauthorized activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Place a fraud alert on your credit file. You have the right to place an initial or extended "fraud alert" on your file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer's credit file. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Contact the three major credit bureaus directly to place a fraud alert on your credit file.
Place a security freeze on your credit file. A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Contact the three major credit bureaus directly to place a security freeze on your credit file.
Contact the Federal Trade Commission and your state Attorney General. You may contact the Federal Trade Commission and Attorney General for the state where you reside to learn more about identity theft, fraud alerts, security freezes, and other steps you can take to protect yourself. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.
Report incidents of suspected or actual identity theft or fraud. If you were, or believe you may have been, a victim of theft or fraud, you are encouraged to report that activity to law enforcement, the Federal Trade Commission, and your state Attorney General.
There are fraudulent charges on my credit/debit card. What do I do?
At this time, the District has no indication that credit/debit card information was specifically impacted by this incident. However, you should immediately contact your bank or financial institution if you identify any fraudulent or suspicious charges on your credit or debit card. They will provide instructions on how to dispute the charges and have a new account issued to avoid any further suspicious activity. Incidents of identity theft should also be reported to your local law enforcement.
Should I check my credit report?
You should monitor your credit report regularly regardless of whether your information may have been exposed or you think you may be a victim of identity theft or fraud. Every U.S. consumer over the age of 18 can receive one free credit report every 12 months by contacting one of the three national credit bureaus or through the Annual Credit Report Service by visiting www.annualcreditreport.com or calling toll-free, 1-877-322-8228.
What is the purpose of a "fraud alert"?
A fraud alert tells creditors to contact you before they open a new credit account under your Social Security number. An initial fraud alert is a one-year alert that is placed on a consumer's credit file at no cost to the consumer. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the following agencies:
Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-833-395-6938
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
What is the purpose of a security freeze?
A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. You should, however, be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies:
Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-833-395-6938
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094
I think I may be a victim of identity theft. What should I do?
If you believe you are a victim of attempted or actual identity theft or fraud, we encourage you to take the following steps:
Contact your financial institution to protect or close any accounts that have been tampered with or opened fraudulently.
Contact the credit reporting agencies to place a "fraud alert" or a "credit freeze" on your credit reports.
File a police report and ask for a copy for your records.
File a complaint with the Federal Trade Commission at: https://www.identitytheft.gov/.
File a complaint with your state Attorney General.
Keep good records.
Keep notes of anyone you talk to regarding this incident, what they told you, and the date of the conversation.
Keep originals of all correspondence or forms relating to the suspicious activity, identity theft, or fraud.
Retain originals of supporting documentation, such as police reports and letters to and from creditors; send copies only.
Keep old files, even if you believe the problem is resolved.
On Monday, January 10, 2022 the North Orange County Community College District (NOCCCD or the District) identified suspicious activity on various network servers. The District began investigating the activity with the assistance of outside computer forensic specialists to determine the nature and scope of the incident. The District learned that an unauthorized actor accessed both Cypress College's and Fullerton College's networks at varying times between approximately December 7, 2021 and January 10, 2022. Files containing information for certain individuals may have been viewed and/or taken by the unauthorized actor.
What is the District doing?
Upon becoming aware of this issue, the District launched a response to secure our network, restore college operations, and investigate what happened. We are also coordinating with the colleges to review and enhance existing policies related to data protection, and have implemented multi-factor authentication as well as an advanced threat protection and monitoring tool to better protect data. New and expanded employee cybersecurity trainings are being implemented throughout the District. We reported this incident to relevant regulators, as appropriate. We have also reported this incident to the FBI.
What data was impacted?
Once the attack was discovered, the District immediately launched an investigation with the assistance of leading cybersecurity specialists into the nature and scope of the attack. The forensic investigation confirmed that the cybercriminals gained access to our networks, and that personal information may have been accessible as a result.
The potentially impacted data may vary by individual. NOCCCD sent mailed letters to impacted individuals and provided notice via this posting as well as a posting on Fullerton College's website: https://isc.fullcoll.edu/ and Cypress College's Dental Clinic website: https://emma-assets.s3.amazonaws.com/uzxbb/600300ce7fae020e6a786cfc208e387d/NOCCCD_-_Substitue_Notice__dental_clinic_.pdf.
I didn't receive a letter, is my information impacted?
On March 25, 2022, NOCCCD began mailing formal notification letters to impacted individuals. If you did not receive a letter but you believe that your information was impacted please call 1-833-783-1440 between the hours of 6 a.m. to 6 p.m. PT Monday through Friday.
Was this a ransomware attack?
Yes, Cypress College and Fullerton College experienced a ransomware attack. Cypress College and Fullerton College immediately took steps to confirm the security of their systems, including the deployment of an advanced threat protection and monitoring tool.
What if I want to speak to someone regarding this incident?
We have established a confidential assistance line for you to utilize if you have questions or concerns regarding this incident. Please call 1-833-783-1440 between the hours of 6 a.m. to 6 p.m. PT Monday through Friday.
What can I do to protect against identity theft or fraud?
Although NOCCCD has no indication at this time that any identify theft or fraud has occurred in relation to this event, the following are best practices to take after any data privacy event:
Monitor your financial statements carefully. If you see any unauthorized or suspicious activity, promptly contact your bank, credit union, or credit card company.
Monitor your credit reports for suspicious or unauthorized activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Place a fraud alert on your credit file. You have the right to place an initial or extended "fraud alert" on your file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer's credit file. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Contact the three major credit bureaus directly to place a fraud alert on your credit file.
Place a security freeze on your credit file. A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Contact the three major credit bureaus directly to place a security freeze on your credit file.
Contact the Federal Trade Commission and your state Attorney General. You may contact the Federal Trade Commission and Attorney General for the state where you reside to learn more about identity theft, fraud alerts, security freezes, and other steps you can take to protect yourself. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.
Report incidents of suspected or actual identity theft or fraud. If you were, or believe you may have been, a victim of theft or fraud, you are encouraged to report that activity to law enforcement, the Federal Trade Commission, and your state Attorney General.
There are fraudulent charges on my credit/debit card. What do I do?
At this time, the District has no indication that credit/debit card information was specifically impacted by this incident. However, you should immediately contact your bank or financial institution if you identify any fraudulent or suspicious charges on your credit or debit card. They will provide instructions on how to dispute the charges and have a new account issued to avoid any further suspicious activity. Incidents of identity theft should also be reported to your local law enforcement.
Should I check my credit report?
You should monitor your credit report regularly regardless of whether your information may have been exposed or you think you may be a victim of identity theft or fraud. Every U.S. consumer over the age of 18 can receive one free credit report every 12 months by contacting one of the three national credit bureaus or through the Annual Credit Report Service by visiting www.annualcreditreport.com or calling toll-free, 1-877-322-8228.
What is the purpose of a "fraud alert"?
A fraud alert tells creditors to contact you before they open a new credit account under your Social Security number. An initial fraud alert is a one-year alert that is placed on a consumer's credit file at no cost to the consumer. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the following agencies:
Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-833-395-6938
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
What is the purpose of a security freeze?
A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. You should, however, be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies:
Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-833-395-6938
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094
I think I may be a victim of identity theft. What should I do?
If you believe you are a victim of attempted or actual identity theft or fraud, we encourage you to take the following steps:
Contact your financial institution to protect or close any accounts that have been tampered with or opened fraudulently.
Contact the credit reporting agencies to place a "fraud alert" or a "credit freeze" on your credit reports.
File a police report and ask for a copy for your records.
File a complaint with the Federal Trade Commission at: https://www.identitytheft.gov/.
File a complaint with your state Attorney General.
Keep good records.
Keep notes of anyone you talk to regarding this incident, what they told you, and the date of the conversation.
Keep originals of all correspondence or forms relating to the suspicious activity, identity theft, or fraud.
Retain originals of supporting documentation, such as police reports and letters to and from creditors; send copies only.
Keep old files, even if you believe the problem is resolved.
