Metropolitan Community College of Kansas City
Notice of Security Incident
August 12, 2020 – Metropolitan Community College of Kansas City ("MCCKC") takes seriously the privacy and security of its students and employees, and therefore wanted to timely release information regarding a data privacy incident involving name, Social Security number, drivers' license number, medical information and bank account information. Although we are not aware of any misuse of individual information, it is important to us that we provide information regarding this matter.
MCCKC recently discovered that it fell victim to a ransomware attack that resulted in certain data being encrypted. Following the incident, MCCKC immediately engaged a third party to conduct a forensic investigation with the objective of identifying the potential scope of access the threat actor may have had to the environment during the period of unauthorized access, which included arriving at a determination as to whether sensitive personal data was accessed by an unauthorized third party. The forensic investigation was recently completed and determined that an unauthorized individual may have had access to the MCCKC environment from March 10, 2020 through June 4, 2020.
The forensic investigation did not conclude or preclude that data was extracted from MCCKC's systems however, it is possible that certain personal data, including names, Social Security numbers, drivers' license information and medical information of former, prospective, and current students could have been accessed by an unauthorized party. The investigation further acknowledged that the names, Social Security numbers and bank account information of employees could have been accessible as well, however, there is no evidence that any personal information was extracted from MCC's systems or subject to actual or attempted misuse. Although the investigation did not find any specific access to any individual's information and MCCKC has no indication that data has been extracted from MCCKC's systems or misused, we have chosen to notify all potentially impacted parties of this incident out of an abundance of caution and in full transparency.
Following confirmation that an unauthorized individual did gain access to the MCCKC network, MCCKC immediately sought to identify the population of potentially impacted individuals. This was completed on June 19, 2020. Privacy of data is a top priority for MCCKC and due to our security posture, MCCKC did not lose access to its systems, backup systems, or other operational data. However, in an abundance of caution, MCCKC has implemented additional safeguards to further secure system information.
Beginning on August 11, 2020, individuals seeking additional information regarding this event may reach MCCKC's dedicated toll-free assistance line 855.907.2122 Monday through Friday, 8:00 a.m. to 8:00 p.m. Individuals may also visit MCCKC's website at mcckc.edu or contact MCCKC by mail at: 3200 Broadway Blvd, Kansas City, MO 64111.
Steps You Can Take to Protect Private Information
MCCKC encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious activity. If you see any unauthorized or suspicious activity, promptly contact your bank, credit union, credit card company, or insurance company.
Place a Security Freeze. You have the right to place a 'security freeze' on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major Consumer Reporting Agencies listed below:
In order to request a security freeze, you will need to provide the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the previous five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible copy of a government issued identification card (state driver's license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
Place a Fraud Alert. As an alternative to a security freeze, you have the right to place an initial or extended 'fraud alert' on your file at no cost. An initial Fraud alert is a 1-year alert that is placed on a consumer's file. Upon seeing a fraud alert display on a consumer's file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the Consumer Reporting Agencies listed below:
PO Box 9554
Allen, TX 75013
PA Box 2000
Chester, PA 19016
PO Box 105069
Atlanta, GA 30348
Additional Information. You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW Washington, DC 20580, identitytheft.gov, 1.877.ID.THEFT (1.877.438.4338) and TTY: 1.866.653.4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft of fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.