The community college, once aware of the cyber attack that shut down the NVC website and network systems, worked with a third-party forensic firm to investigate, the letter says. On Aug. 18, the college subsequently discovered "a limited amount of personal information may have been accessed by an unauthorized third party in connection with this incident."
According to the letter, the information that could have been accessed may have included first and last names, as well as Social Security numbers and other data elements. Only those who may have had their information compromised were sent letters, according to NVC spokesperson Holly Dawson.
"Our forensic investigators discovered that a limited amount of personal information may have been accessed by an unauthorized party in connection with the recent cyber attack/ransomware incident," Dawson said in an email. "At this time, there is no indication that any information has been misused. However, Napa Valley College provided notice to all potentially impacted individuals out of an abundance of caution and so that they could take steps to safeguard their information if they so determined."
Dawson noted that NVC followed steps outlined by the California Department of Education, and that the department was satisfied with the response. The letter says NVC staff immediately took steps to secure its systems once it learned of the attack, and has worked to enhance network security to prevent similar intrusions.
It was not immediately known whether those receiving the letter were primarily students, faculty members or college employees.
The college also arranged for those who received the letter to enroll in an online credit monitoring service for 12 months, as well as protective fraud assistance if any recipients become victims of fraud.
©2022 Napa Valley Register, Calif. Distributed by Tribune Content Agency, LLC.