Posted On January 12, 2023 Consumer Privacy & Data Breaches
January 12, 2023 – Knox College filed a notice of a data breach with the various attorney general’s offices on January 3, 2023 after learning of a ransomware attack on its computer network. According to the filing, an unauthorized party gained access to sensitive student and faculty information like full names, addresses, dates of birth, Social Security numbers, passport numbers, and driver’s license numbers. Once it was confirmed that there was a data leak, Knox College sent out notification letters to all 63,000 individuals affected by the security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Knox College data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Knox College.
Knox College is a private liberal arts college that offers 42 majors and 57 minors, including Law, Art History, Biology, Nursing, Psychology, and Economics, just to name a few. Originally founded in 1837 in Galesburg, Illinois, Knox College now employs over 350 people, has a student body of approximately 1,200, and generates approximately $82 million in revenue annually.
According to its filing with the Attorney General of Montana, Knox College detected suspicious activity on the school network on November 24, 2022. Knox College secured its network and launched an investigation, with the help of a third-party cybersecurity company, to determine the extent to which student and faculty information had been leaked.
After learning that the consumer data was exposed to a third party, Knox College’s next step was reviewing the files and determining what information had been made available. The types of information exposed were student and faculty full names, addresses, dates of birth, Social Security numbers, passport numbers, and driver’s license numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On January 3, 2023, Knox College sent out data breach notification letters to all affected individuals.
A ransomware attack is a cyberattack that involves hackers installing malicious software on a company’s computer network. This software is called malware and encrypts the data and restricts the company from accessing its own network. Encryption is when files are encoded and prevents anyone who doesn’t have the means to decrypt them from accessing them.
The “ransom” part comes into it when the hackers leave a message for the company to pay a fee for the release of the files. If the fee is paid, the files will be decrypted, and the attack will end.
Lately, however, hackers have gotten more malicious with their threats. If a company has backups of its files, a lot of the incentive to pay the ransom is gone. So, hackers have begun implementing a technique called “double extortion.” They encrypt the files and threaten to release them onto the dark web, where anyone can use the information to commit fraud and identity theft if the company refuses to pay.
Ransomware attacks are preventable if data security systems are up-to-date and maintained well. Hackers take advantage of antiquated technology by seeking and exploiting vulnerabilities. If technology is up to date, companies can detect and prevent attacks before they happen.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Knox College data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
We are writing to inform you of a data security incident that may have affected your personal information. Knox College (“Knox”) takes the privacy and security of your personal information very seriously. This is why we are informing you of this incident, providing you with steps you can take to help protect your personal information, and offering you complimentary credit monitoring and identity protection services.
What Happened: On November 24, 2022, Knox discovered unusual network activity and learned that it was the victim of a ransomware attack. We immediately took steps to secure our network and initiated an investigation with the assistance of cybersecurity experts. The investigation revealed that an unknown actor gained access to and obtained data from the Knox network without authorization on or around November 24, 2022. On December 7, 2022, after a comprehensive review of the potentially impacted data, Knox determined that personal information may have been involved. Since that time, Knox has worked diligently to identify current contact information needed to notify all potentially affected individuals.
What Information Was Involved: The information affected may have included your name, address, date of birth, Social Security number, driver’s license number, and passport number.
What We Are Doing: As soon as Knox discovered the incident, we took the steps referenced above. In addition, we reported the incident to the Federal Bureau of Investigation and will cooperate with any investigation. We also implemented additional security features to reduce the risk of a similar incident occurring in the future and will continue to evaluate ways to further enhance the security of our network as the investigation progresses. Additionally, we are providing you with information about steps you can take to help protect your personal information.
In addition, we are offering you complimentary credit monitoring and identity protection services for [Redacted] months through IDX, a national leader in identity protection services. The IDX services, which are free to you upon enrollment, include a subscription for the following: single bureau credit monitoring, CyberScan dark web monitoring, fully-managed identity recovery services, and $1 million in identity theft insurance coverage. With this protection, IDX will help you resolve issues if your identity is compromised
What You Can Do: Please review this letter carefully, along with the guidance included with this letter about additional steps you can take to protect your information. In addition, we encourage you to enroll in the credit monitoring and identity theft protection services we are offering through IDX. To receive credit monitoring services, you must be over the age of 18 and have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file.
You can enroll in the free IDX identity protection services by calling 1-833-758-4141 or going to [Redacted] and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time. Please note the deadline to enroll is April 3, 2023.
For More Information: If you have questions or need assistance, please call 1-833-758-4141, Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time. IDX representatives are fully versed on this incident and can help answer questions you may have regarding the protection of your information.
On behalf of Knox, thank you for your understanding about this incident.