Posted On December 30, 2022 Consumer Privacy & Data Breaches
December 30, 2022 – After a “security incident” involving sensitive student information being compromised, Cincinnati State Technical Community College filed notice of a data breach with the Montana Attorney General on December 23, 2022.
According to the filing, an unauthorized party gained access to student information like full names and Social Security numbers, dates of birth, addresses, driver’s license of state ID numbers, financial account information, and health insurance information. Once it was confirmed that there was a data leak, Cincinnati State sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Cincinnati State data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Cincinnati State Technical Community College.
Cincinnati State Technical Community College is a public community and technical college that offers degrees and certificates in engineering and information technology, health and public safety, humanities and sciences, and business technologies. There are four campuses across Ohio, including Evendale, Middletown, Harrison, and Clifton. Originally founded in 1969 in Cincinnati, OH, Cincinnati State now has an academic staff of over 650 people, and has approximately 10,000 students. They also staff more than 1,100 people and generate approximately $41 million in revenue annually.
According to its filing with the Montana Attorney General, Cincinnati State determined that an unauthorized party had breached its computer network on November 2, 2022. No further details were given about how the unauthorized party gained access, but Cincinnati State disabled its network and worked with a third-party company specializing in cybersecurity to look into the incident.
After learning that the computer network was accessed by an unauthorized party between October 30, 2022 and November 2, 2022, Cincinnati State discovered that sensitive consumer data was exposed to a third party. The next step was to review the files and determine what information was made available. The types of information exposed were students’ full names and Social Security numbers, dates of birth, addresses, driver’s license of state ID numbers, financial account information, and health insurance information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 23, 2022, Cincinnati State sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Cincinnati State, it means your personal information was included in the data breach. Your personal information may have been accessed by hackers who use the information to commit a range of crimes, including identity theft.
Hackers target schools and employ specific tactics to obtain the information in their computer systems. Though their methods may be sophisticated, if a school or university’s security is up to date, most attempts can be prevented. If there is evidence of negligence on the part of Cincinnati State in the handling of student information, such as storing it incorrectly, or in keeping security systems updated, it can be held liable for damages to the victims of the breach.
It is not known at this time whether there has been any negligence on the part of Cincinnati State as it can be difficult to determine the exact cause of the leak.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Cincinnati State data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Cincinnati State Technical Community College (here is the actual notice sent to consumers):
Dear [Redacted],
The privacy and security of the personal information we maintain is of the utmost importance to Cincinnati State Technical Community College. We are writing with important information regarding a recent security incident that may have involved your personal information. We want to provide you with information about the incident, explain the services we are making available to you and let you know that we continue to take significant measures to protect your information.
What Happened?
On November 2, 2022, Cincinnati State Technical Community College detected unauthorized access to our network as a result of a cybersecurity incident that resulted in the potential exposure of data we maintain.
What Has Been Done
Upon learning of this issue, we contained the threat by disabling all unauthorized access to our network and restoring our systems as needed. We immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise to our network. We also reported this incident to law enforcement. As a result of the forensic investigation, we discovered on November 15, 2022 that certain files were removed from our network between October 30, 2022 and November 2, 2022 that contained some of your personal information.
What Information Was Involved.
The data that was removed from our network included your [redacted]. As of now, we have no evidence indicating any of your information has been used for identity theft or financial fraud.
What You Can Do.
We have no evidence that the unauthorized party actually has used any information involved for identity theft or financial fraud. Nevertheless, out of an abundance of caution, we want to make you aware of the incident. To protect you from potential misuse of your information, we are offering access to Single Bureau Credit Monitoring services at no charge. These services provide you with alerts for twelve months from the date of enrollment when changes occur to your credit file. This notification is sent to you the same day that the change or update takes place with the bureau. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in event that you become a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services. For information about how to enroll in these services, please see the Other Important Information section of this letter.
This letter also provides other precautionary measures you can take to protect your personal information, including placing a fraud alert and security freeze on your credit files, and obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.
For More Information.
Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.
If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have set up to respond to questions at This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to protect against misuse of your information. The response line is available Monday through Friday, 9:00 am to 9:00 pm ET, excluding holidays.
