On August 25, 2022, Napa Valley College confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on NVC’s network. According to NVC, the breach resulted in the names and Social Security numbers belonging to certain individuals being compromised. Recently, NVC sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Napa Valley College data breach, please see our recent piece on the topic here.
What We Know About the Napa Valley College Data Breach
According to an official notice filed by the company, the ransomware group launched an attack against Napa Valley College on or around June 10, 2022. The attack immediately impacted the functionality of the NVC network, causing the school’s website to become inaccessible and affecting its phone system and social media accounts. In response, NVC took the necessary steps to secure its network, reported the incident to law enforcement and launched an investigation into the incident.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Napa Valley College then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.
On August 25, 2022, Napa Valley College sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1942, Napa Valley College, formerly called Napa Junior College and Napa Community College, is a community college in Napa, California. The college offers a range of degrees in Accounting, Anthropology, Art History, Astronomy, Biology, business, chemistry, communication studies, computer science, criminal justice, Economics, English, Mathematics, Nursing, Philosophy, Political Science, Sociology, Theater and Viticulture and Winery Technology. Napa Valley College currently has approximately 6,881 students. Napa Valley College employs more than 538 people and generates approximately $29 million in annual revenue.
Why Consumers Must Take Special Care After a Breach Leaks Their Social Security Number
The Napa Valley College data breach resulted in affected parties’ names and Social Security numbers being leaked. Social Security numbers are one of the most frequently targeted data types in cyberattacks. In part, this is because of the relative ease with which hackers can use SSNs to carry out identity theft and other frauds.
Social Security numbers were first introduced by the Social Security Administration (“SSA”) in 1936 as a way for the SSA to track the earnings of citizens. However, because nearly every U.S. citizen has their own unique Social Security number, over time, they became a way for companies to validate a person’s identity, usually through the last four digits.
While the general practice has moved away from using Social Security numbers for identification, the government still uses them to track citizens’ income. Thus, employers and financial institutions will need a person’s Social Security number and often use these numbers to verify a customer’s identity. Additionally, the lack of another viable alternative means that other businesses also use this information.
In short, Social Security numbers are the “unofficial national identifier.” Thus, if someone with ill intent obtains your Social Security number, they can cause a lot of trouble. From opening bank accounts to taking out loans to filing taxes to receive your tax refund, criminals can keep busy with your Social Security number. Thus, it is essential for anyone whose Social Security number was leaked in a data breach to take the necessary precautions to prevent identity theft and other frauds to the extent possible.
The Federal Trade Commission provides some basic guidance for data breach victims whose Social Security numbers were compromised.
If a company offers free credit monitoring, take it up on the offer;
Frequently check your credit report for any unfamiliar or unauthorized charges;
Consider placing a credit freeze, which makes it much harder for a criminal to open up a loan or account in your name;
If you opt not to place a credit freeze, consider placing a fraud alert;
Try to file your taxes early to avoid tax identity theft;
Do not believe anyone who calls claiming to be from the IRS, even if they make threats or have your complete Social Security number; and
Continue to regularly check your credit report as well as your existing bank and credit card accounts.
Data breach victims who are concerned that their Social Security number may have ended up in the hands of a hacker or other bad actor should immediately reach out to a data breach lawyer to discuss their options. The United States data breach laws require any organization that stores Social Security numbers to do so with care. Those organizations that end up placing this sensitive data in the hands of criminals may be liable through a data breach lawsuit.