FAQs
What happened?
An unauthorized third party accessed a small number of Clackamas Community College computer systems and encrypted files on the network. In response, Clackamas launched an investigation in consultation with federal law enforcement and outside experts specializing in cybersecurity incidents.
The investigation has determined that some files from the Clackamas data server were copied during the incident. CCC reviewed the files and is notifying individuals whose personal information was included in the files.
Who did this?
This incident was perpetrated by an unauthorized third party that accessed the CCC computer network. We do not know the identity of the individual or individuals responsible for this incident.
Did you notify law enforcement?
Yes, CCC immediately notified law enforcement and worked collaboratively on the investigation. The FBI recently announced that law enforcement has disrupted the operations of the threat actor group responsible for the incident at the college.
Why was I notified?
Clackamas takes the privacy and confidentiality of the information in its control seriously. If you receive a notification letter in the mail from CCC, it is likely because the investigation found that your personal information was contained in one of the copied files.
When did you learn about this?
The incident was discovered on Jan. 19, 2024, but we did not learn that your information was potentially involved until Feb. 29, 2024. Once it was determined which individuals’ personal information was involved, CCC worked to locate addresses and mail notification letters to individuals as quickly as possible.
Why wasn’t I contacted sooner?
CCC recently completed its review of the files. Data reviews of this nature take some time to complete when done right. We are notifying individuals as quickly as possible.
What specific information of mine may have been compromised?
CCC is not aware of any fraud or identity theft to any individual as a result of this incident. Nevertheless, as part of its investigation, CCC searched for any personal information that could have been viewed as a result of the incident. Based on that investigation, the third party may have accessed and acquired the information identified in your specific notification letter.
Are the rest of Clackamas Community College’s systems secure?
Yes. The incident only involved access to a small number of systems on the college’s network. We engaged third-party experts to review our systems and confirm that the incident was contained. We are continuing to explore additional improvements to further harden our network and have not identified any evidence of ongoing unauthorized access to it.
I did not receive a notice. Why did only some people receive notices about the incident?
Based on its investigation, CCC determined that the incident only involved a limited number of individuals’ personal information.
Will this affect my service/education at Clackamas Community College?
No.
How many people were affected?
The college’s investigation did not find any evidence of fraud or identity theft to any individual; however, because the unauthorized third party took files from the college’s environment, we are notifying any individual whose information was contained in one of the relevant files.
Why was my personal information contained on CCC’s systems?
CCC stores personal information for various reasons, including human resource functions, student administration and finance purposes. The servers involved in this incident were generally used by CCC administration, students and faculty for general file storage.
What are you going to do to prevent this from happening again?
The security of personal information is of the utmost importance to Clackamas Community College. Clackamas had security measures in place before this incident, and it will continue to take reasonable steps to enhance the security of its systems to safeguard personal information.
Is there anything else I should do to protect myself?
We understand the situation may be a cause for concern. As a general precaution, we recommend you regularly monitor your financial statements and credit reports. If you detect any suspected incidents of fraud or identity theft, we recommend that you immediately report them to the financial institution that holds that account and to local law enforcement.
You may consider the following best practices to help protect your information:
Review your credit card and bank account statements. If you detect suspicious activity, promptly notify the financial institution and report any fraudulent activity or suspected identity theft to the police and your state’s attorney general, as well as the FTC at www.ftc.gov/idtheft.
Obtain and review your credit report. These are available from the three national credit reporting agencies: Equifax, Experian and TransUnion. To order your annual free report, please visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
Consider placing a fraud alert on your credit report. A fraud alert is free and will stay on your credit report for one (1) year. The alert informs creditors of possible fraudulent activity and requests that the creditor contact you before establishing any new accounts in your name. Additional information is available at www.annualcreditreport.com.
Consider placing a credit freeze. You may have the right to place a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be opened in your name without the use of a PIN that is issued to you when you initiate the freeze. A credit freeze can be placed without any charge and is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. Please contact the three major credit reporting companies as specified below to find out more information:
Equifax Security Freeze
1-888-298-0045
P.O. Box 105788
Atlanta, GA 30348
Experian Security Freeze
1-888-397-3742
P.O. Box 9554
Allen, TX 75013
TransUnion Security Freeze
1-888-909-8872
P.O. Box 160
Woodlyn, PA 19094
Be vigilant about phishing scams. Watch for unusual activity in your emails and be especially cautious of emails that look suspicious.
Do not click on links in email or text communications. They may be malicious or part of a phishing scam.
Review your cyber hygiene. As is always good practice, change your passwords on email accounts. Use difficult-to-guess passwords and avoid using the same passwords
How will I know if my information was used by someone else?
The Federal Trade Commission has published tips for people on protecting their identity. These tips include warning signs of identity theft and can be found on the FTC website at www.ftc.gov/idtheft.