People involved with Franklin College may have had personal data revealed to hackers that breached the school’s network with a malicious code attack.
The attack occurred on Jan. 21, and college officials held back information to determine through an investigation what data might have been taken. After an investigation was completed in June, college officials sent out a letter to individuals who could have been impacted on Aug. 29. The letter says information taken may have included the names and driver’s license or state identification numbers of people involved with Franklin College.
Information taken in the breach may also include social security numbers, according to Turke and Strauss LLP, a Madison, Wisconsin-based data breach law firm investigating the breach.
The breach may have affected more than 5,900 people, suggesting it wasn’t limited to current students and staff members.
Once school leaders knew of the breach, they worked with local and national information technology and cybersecurity experts to investigate it, college spokesperson Deidra Baumgardner said in a statement.
“While the college is unaware of the misuse of any impacted information as a result of this incident, it is offering free credit monitoring services to all impacted individuals out of an abundance of caution,” Baumgardner said. “The college has reported the incident to law enforcement and will provide further comments when appropriate, without compromising any investigation.”
In response to the attack, college officials are offering an identify theft protection service through IDX, a Portland, Oregon-based identity protection company. That protection includes 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services, according to the letter.
College officials are advising students to contact their bank or credit card company if they notice any suspicious activity or suspected identity theft. Students may also consider placing a fraud alert on their credit report or a security freeze on their credit file free of charge, according to the letter.
People who were notified of their data being compromised should retain the letter from the college, enroll in the free credit monitoring service mentioned in the letter, change their passwords and security questions, review their account statements and reports for identity theft, fraud and unauthorized activity, and request a temporary fraud alert, according to Turke and Strauss.
School officials didn’t answer further questions about the data breach, such as which groups of people outside of the current staff and student body may have been affected, as well as the timing of them notifying those people.