DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Meridian Community College discloses a breach that was discovered in January

Posted on September 6, 2019 by Dissent

A breach notification by Meridian Community College demonstrates once again, why entities should make determined efforts not to leave emails in employee accounts that may have personally identifiable information in attachments or the emails themselves.

In this case, the types of personal information included name, Social Security number, driver’s license number, passport number, date of birth, username or email and password, medical treatment information or health insurance information. Not all data types were involved for all individuals.

Consider this chronology,  based on their notification:

Late January — MCC becomes aware of a phishing incident that resulted in the compromise of certain user credentials, commences investigation, and works with third-party forensics firm.

April 12, 2019 — Investigators cannot rule out access to certain employee email accounts, so MCC begins manually reviewing all emails and attachments in compromised email accounts.

June 25, 2019 — Manual review concluded, MCC begins trying to track down contact information for those who need to be notified.

September 5 — MCC issues press release.

That’s a lot of time and personnel resources and cost  for an incident in which you don’t even have any clear evidence as to what – if anything – was accessed.  Suppose there had been less emails in those accounts? How much time and money could MCC have saved?

Related posts:

  • Penn State College of Engineering hacked; China suspected in at least one attack (updated)
Category: Education SectorHackHealth DataU.S.

Post navigation

← Andy Frain Services reports stolen laptop, but were they also hacked?
Oh good grief, Saturday edition →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.