Napa Valley College suffers ransomware attack • LegalScoops

Students and faculty notified of data breach ⚖️

On or about June 10, 2022, Napa Valley College (“NVC”) suffered a ransomware attack and data breach that brought certain systems online and caused the college to take other systems offline.

NVC began reporting that it was experiencing a “technical issue that disrupted access” on June 10 and continued to post on social media about the impact of the disruption and its attempts to address it until June 10. June 27.

On June 25, 2022, Deputy Superintendent Jim Reeves said in a statement to the Napa Valley Registry that NVC has historically underinvested in its computer systems, but efforts were underway to improve them before the ransomware attack.

For a free privacy consultation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Daniel Vega, the NVC’s acting CIO, appointed just a day before the cyberattack, told the Register that “it was not how I expected to spend my first day in my new position, but management has reacted quickly to deal with the situation. and provide the support we needed.

The cyberattack disrupted faculty and staff email, delayed enrollment in fall classes, and temporarily blocked access to financial aid.

On July 1, 2022, the registry reported that some systems were back online and NVC was using workarounds to provide services to students. According to the registry, NVC is in the process of notifying current employees and students of the data breach and has arranged 12 months of free credit monitoring.

No further details on the nature of the cyberattack were shared by NVC, but the Ransomware group BlackByte appears to have taken credit for the attack.

(Screenshot of BlackByte leak page for NVC, last accessed 08/07/2022)

On February 11, 2022, four months before this attack, a joint cybersecurity advisory was issued by the Federal Bureau of Investigation and the US Secret Service titled Indicators of compromise associated with BlackByte Ransomware.

The advisory warns that in November 2021, BlackByte ransomware had compromised several US and foreign companies. The advisory contains a list of suspicious files that indicate when a system has been infiltrated by BlackByte, steps IT administrators can take to mitigate the impact of a BlackByte attack if they fail to completely prevent the attack , and additional resources.

On February 15, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) issued a notification to draw attention to the notice. CISA encouraged organizations to review the notice and implement the recommended mitigations.

Companies should be held accountable for data breaches

“With ransomware groups more active than ever, it’s critical that organizations keep up to date with the latest FBI advisories to avoid falling victim to these schemes and quickly recognize if they’ve been compromised,” says April M. Strauss, California lawyer and Certified Information. Privacy professional.

“Individuals who have trusted organizations with their sensitive financial and personal data deserve to have that data kept safe, with the utmost attention to preventing known threats.”

For a free privacy consultation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Special California laws protect you from damage caused by data breaches

If you received a data breach notice from Napa Valley College, or if you believe you have been affected by the NVC ransomware attack, you may be entitled to between $100 and $1,000 plus actual damages resulting from the negligent disclosure of your confidential information.

California has unique state laws, including the California Consumer Privacy Act (CCPA) and the California medical information privacy law (CMIA) that compensate people whose confidential and sensitive data was accessed during ransomware events.

Participants in Data Breach Lawsuits May Obtain Damages, an injunction (to ensure that the company has reasonable security practices in place to prevent further disclosure of consumer data) and any other action deemed necessary by the court to compensate data breach victims and prevent that this damage does not reoccur.

A year of spoofing services may not be enough

‣ Electronic personal data does not degrade

Cybercrimes are an attractive target for hackers: data can be bought and sold anonymously, and the going rate per personal record is around $20 depending on the type of information, according to the Privacy Affairs Dark Web Index of 2021.

Some types of critical personal information — like social security numbers, names, and birth dates — are impossible, or nearly impossible, to change. Thieves can choose to wait years before capitalizing on compromised personal data.

The longer cyber thieves can go unnoticed, the more they profit from their illegal activities. So, once you know your data has been leaked, it is reasonable to take action lest your data be used to cause you significant financial loss.

Compromised data also increases the risk of hacking, phishing, and increased anxiety about future loss and identity theft.

For free information about your legal right to claim compensation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Steps you can take to protect yourself

  1. Buy credit monitoring services
  2. Order and review your credit reports – you are entitled to a free report from Experian, TransUnion and Equifax each year
  3. Regularly review your account statements for suspicious activity
  4. Placing a “fraud alert” with one of the three major credit bureaus
  5. Place a “security freeze” on your credit file
  6. Get an “Identity Protection Pin” from the IRS
  7. Secure legal representation

What is the difference between a “credit freeze” and a “fraud alert”?

A credit freeze is the most effective measure you can take to prevent fraudulent accounts being opened in your name. A credit freeze prevents a credit bureau from sharing your information with others. You can set up a credit freeze with each of the three major credit bureaus using the following links: Equifax, Experianand Transunion.

If you put a credit freeze in place, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. Setting up a credit freeze costs nothing, lasts indefinitely, and won’t affect your credit score.

However, if your credit card information has been compromised, a credit freeze will not prevent a cyber thief from making purchases with your stolen card. Canceling the card and getting a new card with a different number is the only way to prevent such transactions from taking place.

You can also place a fraud alert on all of your credit reports. Fraud alerts are free and alert potential credit grantors that you may have been the victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unlock your account.

Fraud alerts can last from one to seven years and can be lifted by you at any time. Once you set up a fraud alert at one credit bureau, it alerts the other two for you. You can set up a fraud alert with any of the three major credit bureaus using the following links: Equifax, Experianand Transunion.

What is an “Identity Protection PIN”?

An Identity Protection PIN (IP PIN) is a six-digit number issued by the US Internal Revenue Service to prevent others from using your Social Security number or individual tax identification number to fraudulently filing a tax return.

There is an online tool to obtain an IP PIN, as well as a slower process by mail or in person at a local Taxpayer Assistance Center. An IP PIN is only valid for one calendar year. At the end of the year, the IRS generates a new IP PIN for participating accounts.

More information about IP PIN codes can be found here.

We can help you exercise your rights under California law

Experimented data breach and class action lawyers can help you exercise your rights, assess your options and decide whether you should seek compensation under the CCPA or the CMIA. There are no out-of-pocket costs for you, as we only get paid if we win.

If you have received a data breach notice from NVC and are concerned about this breach of your personal data and what your options are, complete the following form or call us at 1-844-BREACH8 (1-844-273-2248).

Confidential • Free of charge • No obligation

Free Privacy Consultation

Comments are closed.