DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Dallas County Community College District notification of breach

Posted on September 5, 2018 by Dissent

From a notification submitted by the college’s external counsel to the New Hampshire Department of Justice:

On October 5, 2017, Dallas County Community College District identified unusual activity in an employee email account. Dallas County Community College District immediately changed the employee’s credentials and launched an investigation, with the assistance of a third-party forensic investigation firm, to determine what happened. As part of the investigation, it was determined that certain employee email accounts were subject to unauthorized access and certain email messages and attachments stored therein may have been accessed or acquired by unauthorized individual(s). The unauthorized access to the impacted email accounts ranged in time from September 14, 2017 to December 18, 2017.

After an exhaustive search of the impacted email accounts, which included a manual review ofdocuments to identify information contained therein, impacted individuals were identified as of May 29, 2018.

You may be thinking that it took them a long time (too long?) to stop the breach (from discovery on October 5 to December 18) and that it took them too long to identify impacted individuals (from discovery on October 5, 2017 to May 29, 2018). If you thought that was too long, you’ll probably also think it was too long from May 29 until they actually sent out notification letters to affected individuals on August 17, 2018.

Ten months from discovery of unusual activity to notification that your Social Security number was caught up in a breach. Does that seem reasonable or too long? In this day and age, it seems too long to me.

The number of affected individuals is also not provided in this notification and I was unable to find any coverage of this breach on the college’s web site or in a news search on Google.

The college is offering those affected monitoring and restoration services, but only for 12 months. Given that SSN is durable, is 12 months really enough protection? If I was one of those notified, I wouldn’t be a happy camper right now.

You can read the full notification to the state and to affected individuals here. It is not clear to me from the notification whether these are employees who are affected, students, vendors, or some combination. Nor is it clear how the attackers gained access to the employees’ email accounts.

 

Related posts:

  • Penn State College of Engineering hacked; China suspected in at least one attack (updated)
  • Privacy advocate files complaint with FTC over Maricopa County Community College District data breach
Category: Education SectorHackU.S.

Post navigation

← If an extension goes rogue, everything you do in your browser is compromised
North Korean Spy to Be Charged in Sony Pictures Hacking →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.