Unauthorized data breach via the college’s insurance provider affects more than 2,400 current, former employees
College of the Canyons is communicating with more than 2,400 affected personnel after an unauthorized data breach through its insurance provider, according to Eric Harnish, a spokesman for the college.
Keenan & Associates, a Torrance-based consulting and brokerage firm which has the Santa Clarita Community College District as one of its clients, was breached by an unauthorized party between Aug. 21 and Aug. 27, according to a letter sent to COC and the state Attorney General’s Office on Dec. 12. The letter states that the company was “the target of a ransomware incident.”
“On Sunday August 27, 2023, we discovered certain disruptions occurring on some Keenan network servers,” the letter reads. “We immediately began an investigation and engaged third-party cybersecurity and forensic experts to assist. Upon detection, we took prompt action to contain it. We also notified law enforcement.
“The investigation determined that an unauthorized party gained access to certain internal systems at various times between approximately August 21, 2023, and August 27, 2023, and that the unauthorized party obtained some data from Keenan systems,” the letter added. “A thorough review of that data was conducted to identify what information was involved and identify individuals to whom the data related.”
Private information, including Social Security numbers and health insurance information, was determined to be retrieved by the unauthorized party after a thorough investigation, according to the letter.
“The review determined that the data involved contained some of your personal information, including your name, and one or more of the following: Social Security number, driver’s license number, passport number, general health information, health insurance information, and other employment-related information,” the letter reads.
Keenan is expected to contact those who have been affected by the breach after the holiday break, Harnish said.
According to Harnish, Keenan reported more than 2,400 current and former employees, as well as dependents of employees, were affected by the breach. No students were affected, Harnish added.
Harnish said there’s no evidence of any personal information being used as a result of the breach.
“We apologize that this incident occurred and will continue to work with Keenan to ensure that these types of incidents will not occur in the future,” reads an email from COC to affected employees.
In an effort to ensure further protection for its client, Keenan offered a complimentary 24-month membership to Experian IdentityWorks.
“This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft,” the letter reads. “IdentityWorks is completely free to you and enrolling in this program will not hurt your credit score.”
Affected employees have until March 31 to enroll in the program.
“Keenan takes the security of your personal information seriously, and sincerely regrets that this incident occurred,” the letter added.