Data security: notice to current and former students and staff

August 17, 2018

Eastern Maine Community College is notifying current and former students and employees that certain computers at the college were recently infected with malware. Although EMCC has not identified any direct loss of data as a result of the infection, some usernames and passwords associated with college domain and email accounts along with personally identifiable information (name, address, Social Security Number, date of birth) may have been accessed by an unauthorized party.

Out of an abundance of caution, the college is notifying some 42,000 current and former students and employees of the possibility that personal information was exposed as a result of the infection. The group includes individuals who attended EMCC between summer 1998 and summer 2018 or were employed by the college between 2008 and 2018. The college is making available free credit monitoring and identity restoration services to these individuals.

EMCC has reported the incident to law enforcement, undertaken a thorough investigation of the incident and the college’s security protocols, and is currently following specific and detailed guidance from the National Cyber Awareness System to ensure that the infection is contained and does not recur.

Notification letters will be sent by U.S. Mail over the coming week and will include information on the free credit monitoring and identity restoration services being made available. If you think you may be among those whose information was included in this possible breach and have not received a notification letter by August 29, 2018, please contact 877-656-0515 (toll free) or call the college at 207-974-4700 for more information.

“We very much regret the inconvenience or concern this incident may cause,” said EMCC President Lisa Larson in announcing the possible breach. “EMCC takes seriously the protection of personal information, and our efforts to improve and strengthen our electronic security are ongoing. Unfortunately, institutions of all kinds around the world are increasingly subject to sophisticated and aggressive hacking tactics such as the one involved in this incident.”