Legal Notices > Data Privacy Incidents > Notice of Data Privacy Incident (Feb. 22, 2017)

Notice of Data Privacy Incident (Feb. 22, 2017)

On June 12, 2017, Dallas County Community College District ("DCCCD") provided notice regarding a recent data privacy incident affecting certain DCCCD email accounts.  Although DCCCD mailed written notice about this incident and its response to potentially affected individuals, there were some potentially affected individuals identified for whom no valid contact information could be determined.  Should you believe you may be affected by this incident or have any questions about the incident, you can review the below notice and contact our dedicated call center hotline at 888-721-6297, Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time.

What Happened?  On February 22, 2017, DCCCD became aware of a “phishing” email sent to certain DCCCD staff and student email accounts.  That email was fraudulently written to appear as if it was sent by our IT department and prompted recipients to enter their email account username and password.  DCCCD immediately launched an investigation and began working with an outside computer forensics expert to confirm the security of our systems and determine whether protected information was impacted as a result of this incident.  It was determined that certain DCCCD employee email accounts were logged into by an unauthorized individual in relation to this incident, and that some of these email accounts contained personal information.  Additional evidence was found indicating that the unauthorized individual may have forwarded certain email messages that were incoming to those email accounts to an unauthorized outside email account.  Our investigation has found no other compromise of our information systems aside from the unauthorized access to the employee email accounts.

What Information Was Involved?  Our investigation determined that the following types of personal information relating to potentially affected individuals may be at risk because they were contained within email messages and/or electronic attachments stored within one or more of the compromised employee email accounts: name, Social Security number, drivers license or state identification card number, bank account information, credit/debit card information, medical information, or passport information.

What We Are Doing.  At DCCCD we take the privacy and security of the personal information within our care very seriously.  We investigated this incident with the help of an outside computer forensics expert.  We changed the credentials for impacted email accounts and are taking steps to enhance data security protections and protect against similar incidents in the future. 

What You Can Do If You Believe You May Be Affected.  You can contact our dedicated call center hotline at 888-721-6297, Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time, to confirm whether you are among those individuals determined to be potentially affected.  You can also review the enclosed Steps You Can Take to Protect Against Identity Theft and Fraud, which includes guidance on steps you can take to better protect against the possibility of fraud and identify theft.

For More Information: We recognize that you may have questions that are not answered in this notice, or you may wish to confirm whether you are affected by this incident.  If so, you can contact our dedicated call center hotline at 888-721-6297, Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time.

Steps You Can Take to Protect Against Identity Theft and Fraud

If you believe you may have been affected in relation to this incident, you may take action directly to further protect against possible identity theft or financial loss.  We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity.  Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report.

At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name.  Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity.  As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file.  Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Equifax
P.O. Box 105069
Atlanta, GA 30348
800-525-6285
equifax.com

Experian
P.O. Box 2002
Allen, TX 75013
888-397-3742
experian.com

TransUnion
P.O. Box 2000
Chester, PA 19016
800-680-7289
transunion.com

You may also place a security freeze on your credit reports.  A security freeze prohibits a credit bureau from releasing any information from a consumer’s credit report without the consumer’s written authorization.  However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services.  If you have been a victim of identity theft, and you provide the credit bureau with a valid police report, it cannot charge you to place, lift or remove a security freeze.  In all other cases, a credit bureau may charge you a fee to place, temporarily lift, or permanently remove a security freeze.  You will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place a freeze on all of your credit files.

To find out more on how to place a security freeze, you can use the following contact information:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
freeze.equifax.com

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
experian.com/freeze/center.html

TransUnion
P.O. Box 2000
Chester, PA 19022-2000
1-888-909-8872
transunion.com/credit-freeze/place-credit-freeze

Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC.  You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission.  The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/idtheft, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General.