Posted On February 18, 2023 Consumer Privacy & Data Breaches
February 18, 2023 – Paul Smith’s College filed a notice of a data breach with the Attorney General of Maine on February 17, 2023 after learning that an unauthorized party could access confidential student and employee information stored on the school’s computer network. According to the filing, an unauthorized party gained access to sensitive information like first and last names and Social Security numbers. Once it was confirmed that there was a data leak, Paul Smith’s College sent out notification letters to all 10,615 individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Paul Smith’s College data breach. If you are a student at or work at Paul Smith’s College and have received a breach notification, we are offering free consultations to anyone interested in learning about the risks of identity theft and what you can do to protect yourself, as well as discuss whether you can pursue a data breach lawsuit against Paul Smith’s College for compensatory damages.
Paul Smith’s College is a private college with one of the largest campuses in New York’s Adirondack State Park in Paul Smiths. The school offers many degree programs: five associate degree programs, over 20 bachelor’s degree programs, and one master’s degree program. Established in 1946, Paul Smith’s College employs over 50 highly qualified professors and has a student body of about 750. Paul Smith’s College employs over 214 people and generates approximately $30 million in revenue annually.
In its filing with the Attorney General of Maine, Paul Smith’s College determined that an unauthorized party had breached its computer network. It was then that Paul Smith’s College secured its computer system and began working with third-party cybersecurity specialists to investigate the attack to see the extent to which student and employee information had been leaked.
After learning that the consumer data was exposed to a third party on August 27, 2022, Paul Smith’s College’s next step was to review the files and determine what information was made available. The types of information exposed were names and Social Security numbers.
On February 17, 2023, Paul Smith’s College sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Paul Smith’s College, it means your personal information was included in the data breach. Your name and Social Security numbers might now be in the hands of an unknown party.
Hackers often sell the information they accessed during a data breach on the dark web to make money or use it to steal identities. There aren’t any really preventative measures a consumer can take to avoid their information being leaked, but there are things that they can do to reduce the chances of their identity being stolen.
We’ve compiled a list of things you should do as soon as possible if your data has been leaked. This list is not comprehensive, and if your financial accounts or Social Security number has been leaked, you may want to take additional steps.
Schools will send a letter informing those affected if their information has been leaked in a data breach. Pertinent information on the attack is in these letters, like how your information was accessed, what the school is doing to protect your data in the future, and whether anyone affected has been the victim of fraud or identity theft. Read the data breach letter carefully to get all the information and use it to determine your next steps.
If your information has been leaked in a data breach, you should change all passwords for any online account. Even if you know which accounts have been breached, change the passwords on all of them. Hackers can obtain essential information about a consumer through any account.
Paul Smith’s College is providing those affected by the data breach with a credit monitoring service free of charge. Credit monitoring alerts you of any suspicious activity on your accounts. They usually cost anywhere from $20 to $40 a month. Signing up with Paul Smith’s College’s free service is an easy way to keep on top of your credit accounts. You don’t have to worry about whether a free credit monitoring service will affect your right to file a lawsuit against a company that was potentially negligent before the breach.
Once your information is stolen, hackers will move fast. If they wait too long, people have time to close their accounts before they can use the stolen information. The information accessed from Paul Smith’s College might not have been all of the information the hackers needed to commit crimes. If that’s the case, they will need time to acquire all of the information, which means it could be weeks or months until they use your information. Stay vigilant and keep checking your accounts for unauthorized activity.
Unlike credit monitoring, credit freezes and fraud alerts are services provided free of charge by the major credit bureaus. A credit freeze stops companies from checking your credit without approval from you. While a credit freeze may seem extreme, the Identity Theft Resource Center reports that it is the most effective way to prevent fraud after your personal information has been leaked. A fraud alert informs companies checking your credit that someone may be attempting to use your information for fraudulent purposes.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Paul Smith’s College data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to the affected individuals:
Dear [Redacted],
We are writing with important information regarding a recent security incident. The privacy and security of the personal information we maintain is of the utmost importance to Paul Smith’s College. We wanted to provide you with information about the incident, explain the services we are making available to you, and let you know that we continue to take significant measures to protect your personal information.
What Happened?
We have learned that an unauthorized individual may have obtained access to the College’s network.
What We Are Doing.
Upon learning of this issue, we secured the accounts and commenced a prompt and thorough investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations. After an extensive investigation and manual document review, we discovered on January 26, 2023, that a limited amount of your personal information was contained in the accounts that were accessed on August 27, 2022.
What Information Was Involved?
The accessed network contained some of your personal information, including your [Redacted].
What You Can Do.
We have no evidence that any of your information has been or will be misused for identity theft. Nevertheless, to protect you from potential misuse of your information, we are offering a complimentary one-year membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. IdentityWorks Credit 3B is completely free to you and enrolling in this program will not hurt your credit score. For more information on identity theft prevention and IdentityWorks Credit 3B, including instructions on how to activate your complimentary one-year membership, please see the additional information provided in this letter.
Also provided in the “Other Important Information” portion of this letter are precautionary measures you can take to protect your personal information, including placing a fraud alert and/or security freeze on your credit files, and/or obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis. In addition, if this letter indicates that your medical information was impacted, we have included steps you can take to protect health-related information.
For More Information.
Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken additional robust precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information.
