Posted On February 16, 2023 Consumer Privacy & Data Breaches
February 16, 2023 – Mount Saint Mary College (“MSMC”) filed a notice of a data breach with the Attorney General of Montana on February 7, 2023, after learning that an unauthorized party could access confidential student information stored in its computer network. According to the filing, an unauthorized party gained access to sensitive student information like first and last names, passport numbers, Social Security numbers, login information, and email addresses. Once it was confirmed that there was a data leak, MSMC sent out notification letters to all 17,924 individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the MSMC data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from MSMC.
Mount Saint Mary College is a private Catholic college that specializes in degrees in the liberal arts. The institution offers 50 undergraduate programs and three graduate programs. Established in 1960 in Newburgh, New York, MSMC has over 2,700 students enrolled, employs over 564 people, and generates approximately $67 million in revenue yearly. The college also has a K-8 private school called Bishop Dunn Memorial School.
According to its filing with the Attorney General of California, MSMC determined that an unauthorized party had breached its computer network on December 20, 2022. As a result of the incident, MSMC launched an investigation with the help of IT specialists to determine the extent to which the information had been leaked.
After learning that the consumer data was exposed to a third party, MSMC’s next step was to review the files and determine what information was made available. The types of information exposed were first and last names, passport numbers, Social Security numbers, login information, and email addresses. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On February 7, 2023, MSMC sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Mount Saint Mary College, it means your personal information was included in the data breach. Your name, Social Security number, passport number, and other confidential information may now be in the hands of an unknown party. Recent reports indicate that, in the second half of 2022, data breaches increased by over 50% more than in the same period the previous year.
Hackers often sell the information they accessed during a data breach on the dark web to make money or use it to steal identities. There aren’t really any preventative measures a consumer can take to avoid their information being leaked, but there are things that they can do to reduce the chances of their identity being stolen.
We’ve compiled a list of things you should do as soon as possible if your data has been leaked. This list is not comprehensive, and if your Social Security number has been leaked, you may want to take additional steps.
If your information has been leaked in a data breach, the college will send a letter informing those affected. Pertinent information on the attack is in these letters, like how your information was accessed, what the school is doing to protect your data in the future, and whether anyone affected has been the fraud or identity theft victim. Read the data breach letter carefully to get all of the information and use it to determine your next steps.
Once your information is stolen, hackers will move fast. If they wait too long, people have time to close their accounts before they can use the stolen information. The information accessed from MSMC might not have been all of the information the hackers needed to commit crimes. If that’s the case, they will need time to acquire all of the information, which could be weeks or months. Stay vigilant and keep checking your accounts for unauthorized activity.
MSMC is providing those affected by the data breach with a credit monitoring service free of charge. Credit monitoring alerts you of any suspicious activity on your accounts. They usually cost anywhere from $20 to $40 a month. Signing up with MSMC’s free service is an easy way to keep on top of your credit accounts. You don’t have to worry about whether a free credit monitoring service will affect your right to file a lawsuit against a company that was potentially negligent before the breach.
Unlike credit monitoring, credit freezes and fraud alerts are services provided free of charge by the major credit bureaus. A credit freeze stops companies from checking your credit without approval from you. While a credit freeze may seem extreme, the Identity Theft Resource Center reports that it is the most effective way to prevent fraud after your personal information has been leaked. A fraud alert informs companies checking your credit that someone may be attempting to use your information for fraudulent purposes.
If your information has been leaked in a data breach, you should change all passwords for any online account. Even if you know which accounts have been breached, change the passwords on all of them. Hackers can obtain essential information about a consumer through any account.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Mount Saint Mary College data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to all affected individuals:
Dear [Redacted],
You are receiving this letter because you are a current or former student or employee of Mount Saint Mary College (“MSMC”) in Newburgh, New York. We are writing to inform you of an incident that may have exposed your personal information. MSMC takes the privacy of personal information seriously and wants to provide you with information and resources you can use to protect your information.
What Happened and What Information Was Involved:
On December 20, 2022, we detected and stopped a network security incident in which an unauthorized third party accessed and disabled some of our systems. We immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Our investigation determined an unauthorized third party may have accessed certain individual personal information during this incident.
We found no evidence that your information has been specifically misused; however, it is possible that the following personal information could have been accessed by an unauthorized third party: first and last name; Social Security number; passport number; email address or username with password.
What We Are Doing:
Data security is one of our highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We notified law enforcement. We are wiping and rebuilding affected systems and taking steps to bolster our network security, as well as reviewing our policies, procedures, and network security software relating to the security of our systems and how we store and manage data.
We are offering access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services through Cyberscout, a Transunion company and a leading identity protection technology company. Cyberscout services include: twelve (12) months of credit monitoring and fully managed identity theft recovery services. With this protection, Cyberscout will help you resolve issues if your identity is compromised.
What You Can Do:
To enroll in Credit Monitoring services at no charge, please log on to [Redacted] and follow the instructions provided. When prompted please provide the following unique code to receive services:
[Redacted]. Cyberscout is available Monday through Friday, 8:00 a.m. to 8:00 p.m. EST. Please note in order for you to receive the monitoring services described above, you must enroll within 90 days from the date of this letter. The enrollment requires an internet connection and e-mail account and may not be available to minors under the age of 18 years of age. Please note that when signing up for monitoring services, you may be asked to verify personal information for your own protection to confirm your identity.
We encourage you to take full advantage of this service offering. Cyberscout representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
Enclosed you will find additional information regarding the resources available to you, and the steps that you can take to further protect your personal information.
For More Information:
We recognize that you may have questions not addressed in this letter. If you have additional questions, please call 1-833-570-2891, Monday through Friday, 8:00 a.m. to 8:00 p.m. EST.
We value the security of the personal data that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused.
