Data Incident Notice
Simpson University recently identified suspicious activity in certain Simpson University employee email accounts. Upon discovering the activity, we promptly secured the email accounts and began an internal investigation. We also engaged a forensic security firm to further investigate and confirm the security of our email and computer systems. This investigation determined that an unauthorized party temporarily gained access to certain of these email accounts between July 29, 2021 and Septermber 17, 2021. While we are not aware any fraudulent activity or misuse of information as a result of the incident, we are posting this Notice to alert you of what happened.
The investigation into this incident identified no indication that the unauthorized party actually viewed or acquired any personal information while accessing the accounts. Nevertheless, as part of the investigation, an intensive search for any personal information in the email accounts that the unauthorized party could have viewed was undertaken. On February 1, 2022, based on that review, we determined that the accounts contained some individuals' personal information. The type of information at issue varied for each individual, but may have included name, date of birth, Social Security number, passport number, driver's license number/state ID number, student ID number, financial account number, debit/credit card number, username /email address with password, health insurance information, and/or medical treatment or diagnosis information. The accounts may also have contained information from involved students' education record, such as a student's major and year in school (e.g., Freshman or Sophomore). The investigation did not find evidence confirming that the unauthorized party actually viewed any of this information.
On June 9th, 2022, Simpson University mailed written notification letters to the individuals whose personal information was contained in the accounts and for whom we have mailing addresses. Individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. As described in those letters, we have arranged for complimentary identity theft protection services for those individuals whose Social Security numbers or driver's license numbers were involved in the incident.
As a precautionary measure, involved individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements, monitoring their credit reports closely, and notifying their financial institutions if unusual activity is detected. They should also promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state's attorney general. Affected individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Affected individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Contact information for the three national credit reporting agencies is as follows:
Equifax 1-800-349-9960 P.O. Box 105788 Atlanta, GA 30348 |
Experian 1-888-397-3742 P.O. Box 9554 Allen, TX 75013 |
TransUnion 1-800-888-4213 P.O. Box 1000 Chester, PA 19016 |
Simpson University takes the security of indviudals' personal information very seriously and apologizes for any inconvenience or concern this incident might cause. Additional information is available via a confidential, toll-free inquiry line at (855) 503-3401 PST, Monday - Friday.