Merced College Provides Notice of Data Breach to Students Following Malware Attack | Console and Associates, P.C.

On March 9, 2023, Merced College (“MCCD”) filed a notice of data breach with the Attorney General of California after learning that a malware attack resulted in confidential student information being exposed to an unauthorized party. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses and other Personally Identifying Information (“PII”). After confirming that consumer data was leaked, Merced College began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from Merced College, it is essential you understand what is at risk and what you can do about it. As we’ve previously reported, hackers have shown an increased interest in targeting schools, colleges and universities; however, these institutions have been slow to adjust to the increased threat. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Merced College data breach, please see our recent piece on the topic here.

What We Know So Far About the MCCD Data Breach

The available information regarding the Merced College breach comes from the company’s filing with the Attorney General of California. According to this source, on November 3, 2022, MCDD noticed that some of the organization’s computer systems had been encrypted. Further investigation revealed that the devices were encrypted as a result of a malware attack. In response, MCCD launched an investigation into the incident to determine what, if any, student and faculty information was leaked as a result.

The Merced College investigation confirmed that an unauthorized party had gained access to the school’s IT network between October 25, 2022 and November 3, 2022. It was also determined that some of the files that were accessible to the unauthorized party contained confidential information belonging to certain students and faculty members.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Merced College began to review the…