Data Security Incident FAQ's

Read the full press release here.

I received a letter from the college-- Is this a real threat?

We are unaware of any attempted or actual misuse of personal information, but out of an abundance of caution we are providing an update to our community to ensure awareness of the incident and recommended steps to monitor your identity, financial accounts, and credit, should you feel it is necessary to do so. 

What happened?

A portable storage device was used to transfer files to a new computer within the Office of Admissions. Mistakenly, the files were not deleted from the device and the device was left in a campus computer lab. The drive was returned to the college’s Information Systems department and an analysis of the data was begun. At this time there is no evidence anyone accessed the drive or any evidence of malicious activity. 

What data was contained on the device? What data was involved in the incident?

The files included personally identifiable information provided to the college’s offices of admissions and financial aid, such as names and social security numbers.

What does "other personal information" include?

In addition to name and social security, additional information may include any information you provided on your application for admission to the college or on your financial aid application.

Who is affected by this incident? What are the application years that were potentially compromised?

There is no easy description for those impacted, but the majority of the individuals potentially impacted were students who applied for traditional undergraduate admission for Fall semester 2010, through those who applied before February 13, 2013. In addition, a small sampling of graduate and Continuing Professional Studies students may also be affected.

All individuals who may be impacted have had a letter sent to the address on file with the college, which outlined recommended steps to take and available resources.

Has my personal information been compromised? How will I be notified?

If you have been affected you will receive a letter from the college that outlines recommendations for monitoring your identity, financial accounts, and credit, should you feel it is necessary to do so. The letters have been sent to the addresses on file with the college If you would like to confirm whether the device contained information you provided to the College, please call our confidential inquiry line, at (877) 643-2062, Monday through Friday, 9:00 a.m. to 7:00 p.m. E.S.T.

I no longer live at the address the college has on file. How do I get my letter?

We have established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration and familiar with this incident, for you to call with any questions or concerns regarding this event.  This confidential inquiry line can be reached Monday through Friday, 9:00 a.m. to 7:00 p.m. EST, at (877) 643-2062.

Does this apply to undergraduate, graduate and Continuing Professional Studies?

The potentially accesses information included applications for undergraduate, graduate and Continuing Professional Studies, but most of the individuals potentially impacted were students who applied for traditional undergraduate admission for Fall semester 2010, through those who applied before February 13, 2013.    

All individuals who may be impacted have had a letter sent to the address on file with the college, which outlined recommended steps to take and available resources.

I transferred into/from the college- does this apply to me?

This situation may apply to you. All individuals who may be impacted have had a letter sent to the address on file with the college, which outlined recommended steps to take and available resources.

I take classes online. Am I affected?

This situation may apply to you. All individuals who may be impacted have had a letter sent to the address on file with the college, which outlined recommended steps to take and available resources.

What actions has the college taken?

The College has undertaken the following actions in response to this incident:

  • Launched an extensive internal investigation into the incident, and this investigation is ongoing. 
  • Retained an independent forensics consulting firm to assist with this investigation into the incident. 
  • Retained privacy and data security legal counsel to assist with the investigation of, and response to, this incident. 
  • Providing written notice of this incident to those whose information was stored on the portable storage device.
  • Offering a free year of identity monitoring services to these individuals.
  •  Providing notice of this incident to certain state and international regulators.  Providing notice of this incident to the national consumer reporting agencies
  • Adopting additional data transfer process protocols.

I am a graduate of the college. Were my records affected?

If the situation applies to you, you will receive a letter from the college with recommended steps to take and available resources.

The college’s databases with alumni-specific data were NOT compromised.

Does the college have any indication that any person has suffered identity theft as a result of the incident?

No, but we ask that those individuals potentially impacted take the situation seriously and monitor their identity, financial accounts, and credit, should they feel it is necessary to do so.

I received a letter. What should I do?

The letter outlined steps you can take to monitor your identity, financial accounts, and credit, should you feel it is necessary to do so, and resources available to you.

  • The letter from the college included information and a verification code to enroll in First Watch Technologies, Inc. to provide you with one (1) free year of identity monitoring services.  If you enroll, First Watch will monitor thousands of databases and hundreds of billions of records on your behalf to look for suspicious activity that could indicate the beginning steps of identity theft.  If suspicious activity is found, First Watch will place a personal phone call to you (at the telephone number that you provide during enrollment) to determine if the suspicious activity is fraudulent.  The First Watch ID service also includes up to $25,000 of identity theft insurance with $0 deductible, along with identity restoration coverage (certain limitations and exclusions may apply).
  • Monitor your financial accounts carefully, and if you see any unauthorized activity, promptly contact your bank, credit union or credit card company. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.
  • Monitor your credit reports for suspicious or unauthorized activity.  Under U.S. law, you are entitled to one free credit report annually from each of the three major credit bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report:

Equifax

Experian

TransUnion

P.O. Box 105069

P.O. Box 2002

P.O. Box 6790

Atlanta, GA 30348

Allen, TX 75013 

Fullerton, CA 92834

800-525-6285

888-397-3742

800-680-7289

www.equifax.com

www.experian.com

www.transunion.com

  • Place a “fraud alert" or a "credit freeze” on your credit reports. You can find out more information from the Federal Trade Commission about fraud alerts and freezing your credit files.  To place a fraud alert or freeze on your credit files, contact the three credit reporting agencies listed above. Placing a fraud alert entitles you to free copies of your credit reports. A fraud alert is a signal placed in your credit report to warn potential creditors that they must use what the law calls “reasonable policies and procedures” to verify your identity before they issue credit in your name.

You may also obtain information on how to place a fraud alert or security freeze on your credit file from your state attorney general.  For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, www.ncdoj.gov.  For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, (888) 743-0023, www.oag.state.md.us.  For Vermont residents, the Attorney General can be reached at:  109 State Street, Montpelier, VT 05609, (802) 828-3171, www.atg.state.vt.us.

  • We have established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration and familiar with this incident, for you to call with any questions or concerns regarding this event or the contents of this letter.  This confidential inquiry line can be reached Monday through Friday, 9:00 a.m. to 7:00 p.m. EST, at 877-643-2062.

I’m a minor. Do I need to do anything differently?

The Federal Trade Commission advises you and your parents contact each of the three nationwide credit reporting companies and ask for a manual search of your credit file. The companies will check for files related to your name and Social Security number, as well as related only to your Social Security number. The companies may require copies of:

      •            Your birth certificate listing your parents
      •            Your Social Security card
      • Your parent or guardian’s government-issued identification card, like a driver’s license or military identification, or copies of documents proving the adult is your legal guardian
      •            Proof of address, like a utility bill, or credit card or insurance statement

Are faculty and staff impacted?

Our faculty and staff databases have NOT been impacted. However, any faculty and staff who applied for admission may be impacted. The college sent a letter to everyone with personal information potentially at risk, which outlined recommended steps to take and available resources.

Was donor information involved?

Our donor database has not been impacted. Alumni, donors and their children who applied for admission may be impacted. The college sent a letter to everyone with personal information potentially at risk, which outlined recommended steps to take and available resources.

I attended a conference on campus. Am I affected?

Conference attendance databases were not affected. However, if you or your child applied for admission to the college, you may be impacted. The college sent a letter to everyone with personal information potentially at risk, which outlined recommended steps to take and available resources.

Were my Student Health Services/medical compromised?

No—Student Health Services files were not impacted.

I think I may be a victim of identity theft. What should I do?

If you believe you are a victim of attempted or actual identity theft or fraud, we encourage you to take the following steps: 

  • Close any accounts that have been tampered with or opened fraudulently.
  • File a police report and ask for a copy for your records. 
  • File a complaint with the Federal Trade Commission.
  • File a complaint with your state Attorney General.
  • Write down the name of anyone you talk to, what s/he told you, and the date of the conversation.
  • Follow-up in writing with all contacts you've made about the ID theft on the phone or in person. Use certified mail, return receipt requested, for all correspondence regarding the theft.
  • Keep copies of all correspondence or forms relating to the suspicious activity, identity theft, or fraud.
  • Keep the originals of supporting documentation, such as police reports and letters to and from creditors; send copies only.
  • Keep old files, even if you believe the problem is resolved.

Where can I learn more?

You can further educate yourself regarding identity theft, and the steps you can take to protect yourself, including placing a fraud alert or security freeze on your credit file, by contacting the Federal Trade Commission.  The Federal Trade Commission can be reached at:

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.ftc.gov/bcp/edu/microsites/idtheft/
1-877-ID-THEFT (1-877-438-4338); TTY:  1-866-653-4261

Who do I contact for additional information?

We have established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration and familiar with this incident, for you to call with any questions or concerns regarding this event or the contents of this letter.  This confidential inquiry line can be reached Monday through Friday, 9:00 a.m. to 7:00 p.m. EST, at  877-643-2062.

 


Champlain College Notifies Students, Parents of DATA SECURITY INCIDENT

College retains identity monitoring firm to assist affected families

June 3, 2013, Burlington, VT—Today Champlain College notified potentially impacted students that a portable storage device containing names, Social Security numbers, and other information provided to the college’s admissions and financial aid offices was inadvertently left in a campus computer lab.

Once the drive was returned to the information systems department, the college launched an internal investigation, retained independent forensics experts and hired privacy and data security legal counsel to assist with the investigation of, and response to, this incident.  It is also adopting additional data collection and transfer protocols. 

The college has no evidence of any attempted or actual misuse of the  information stored on the device, but out of an abundance of caution notified those potentially impacted of steps they can take to monitor their identity, financial accounts, and credit, should they feel it is necessary to do so. 

 “Our goal is to be forthcoming with the truth and to arm members of our community with resources to prevent potential identity theft,” stated Vice President David J. Provost. “We are working to make sure this type of incident doesn’t happen again and live up to the expectations parents and students have of us to keep their information safe. We are committed to getting this right.”

 The device included 14,217 social security numbers of students who applied for admission. The majority of the individuals impacted applied for traditional undergraduate admission for Fall 2010, through applications submitted in February 2013 for Fall 2013. In addition, a small sampling of graduate and Continuing Professional Studies students may also be affected.

Students and parents potentially impacted are being offered one year of identity monitoring services by First Watch Technologies, Inc., paid for by the college.

Champlain also established a confidential inquiry line, staffed with professionals trained in identity and credit protection and restoration and familiar with this incident, to assist the students and parents impacted.  The confidential inquiry line can be reached Monday through Friday, 9:00 a.m. to 7:00 p.m. EST, at 877-643-2062

Available for interview from the college:
David J. Provost, Senior Vice President for Finance and Administration
Area for interview: Information on the campus data incident.

Jonathan Rajewski, Computer & Digital Forensics instructor
Area for interview: General information on civil and criminal digital forensic investigations. Instructor Rajewski also serves as a Computer Forensic Examiner for the Vermont Internet Crimes Task Force.

John Pelletier of Stowe, Director of the Center for Financial Literacy
Area for interview: How to proactively protect your identity and credit from fraud.

Interviews can be arranged by contacting Director Mease.


Find a Program
News Events Calendar Social Feeds