Potential Admission Data Compromise

April 02, 2019

On March 25, the College sent direct notice to any individual whose personal information was confirmed to be included in admission data system files that may have been accessed by an unauthorized individual. These findings were sent via regular U.S. Mail, and the College also sent an email notification to those individuals on March 27.

If you received a notice letter or email and have any questions, you can contact the dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

If you did not receive a notice letter and you think you may be impacted, you can call the response line and provide your full name, and they will confirm whether your information may have been compromised.

There is no evidence at this time that this incident included financial information provided by students or parents on financial aid applications, or application essays, letters of recommendations, or transcripts. Financial information, such as payment card and financial account information, is maintained in a separate system.

Admission Data FAQs

What happened?

On March 7, 2019, we were made aware of suspicious activity in our admission database. We immediately closed access to our database, notified the FBI, and launched an investigation. We determined that some admission data may have been accessed by an unknown party. On March 25, the College sent a direct notice to individuals whose personal information was confirmed to have been included in the potentially accessed files. The investigation is ongoing, and we will provide follow-up notification as appropriate.

What information was involved?

Components of inquiry and/or admission files, including email addresses and contact information, may have been accessed. However, we have no evidence at this time that this incident has included financial information provided by students or parents on financial aid applications, application essays, letters of recommendations, or transcripts.

On March 25, the College sent direct notice of the incident to any individual whose personal information was confirmed to be in the files that may have been accessed by the unauthorized individual. These findings were sent via regular U.S. Mail, and the College sent an e-mail notification on March 27 as well. If you have received a notice letter or e-mail and have any questions, you can contact our dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

What are you doing as a result of this incident?

We are committed to maintaining the privacy of personal information and have taken additional precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of personal information.

What can I do to protect myself?

Please be wary of suspicious emails or requests in general, but particularly any with questionable content (e.g., those that demand payment for your decision or application information). In addition, you should always review your financial account statements on a regular basis for fraudulent or irregular activity. You may consider ordering a free credit report and placing a fraud alert and/or security freeze on your credit file.

If you received a notice from the College that your personal information was confirmed to be in the files that may have been accessed by the unauthorized individual, the notice letter includes recommendations for actions that you can take, including an offer for credit monitoring. If you have any questions, you can contact our dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

How do I place a fraud alert on my credit report?

In order to place a fraud alert, you can call any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts). Alternatively, you may file the fraud alert online.

Equifax Experian TransUnion
P.O. Box 105069
Atlanta, GA 30348
www.equifax.com
1-800-525-6285
P.O. Box 2002
Allen, TX 75013
www.experian.com
1-888-397-3742
P.O. Box 2000
Chester, PA 19022
www.transunion.com
1-800-680-7289

How do I place a security freeze on my credit files and how much does it cost?

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “security freeze” be placed on your credit file, at no cost to you. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information

Equifax Security Freeze Experian Security Freeze TransUnion Security Freeze
P.O. Box 105788
Atlanta, GA 30348
www.freeze.equifax.com
1-800-685-1111
P.O. Box 9554
Allen, TX 75013
www.experian.com/freeze
1-888-397-3742
P.O. Box 2000
Chester, PA 19022
www.transunion.com/securityfreeze
1-800-680-7289

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security Number, and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name, or to commit fraud or other crimes against you, you may file a police report in the city in which you currently reside.

When will you have more information about the impact of this incident?

Our investigation into this incident to determine the specifics of any data that may have been compromised is ongoing. On March 25, the College sent direct notice of the incident to any individual whose personal information was confirmed to be in the files that may have been accessed by the unauthorized individual. We will provide follow-up notification as appropriate.

Timeline

March 25, 2019 — The College previously provided general notification of a security incident that may have impacted information that is housed in our admission database. On March 25, the College sent direct notice of this incident to any individual whose personal information was confirmed to be included in the files that may have been accessed by an unauthorized individual.

Those findings were sent via regular U.S. mail. Although we have no evidence at this time that any information has been misused, the notice includes an offer of credit monitoring services, at no charge, as well as other suggestions of actions that can be taken. Anyone receiving a notice letter is urged to consult with a trusted adviser to determine an advisable course of action.

Should you have any questions, you can contact our dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

March 18, 2019 — A brief update regarding the ongoing investigation into an instance of unauthorized access of the system that houses our College’s admission-related information.

Within a matter of hours, our information technology team shut down the intrusion and confirmed the system was stable. We promptly began an investigation, increased security protocols to help prevent further unauthorized access to applicant records, and reported the incident to the FBI. As part of our ongoing investigation, the College is working closely with external forensic investigators and cybersecurity experts to analyze the data involved. We have no evidence that financial data provided by students or their families, transcripts, or recommendations were potentially compromised. As more information becomes available, we will keep you informed.

Should you have any questions, you can contact our dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

March 11, 2019 -- A call center has been established for individuals who may have been affected by this incident. The call center 's dedicated and confidential toll-free response line is available at 888-526-1229 . This response line is staffed with professionals familiar with this incident Monday through Friday, 8 a.m. to 8 p.m. Central Time.

March 8, 2019 -- Since learning of this incident, we have come to understand that this cyberattack on Grinnell College information was the most recent of three reported attacks on admission-related information at U.S. colleges.

We have no evidence at this time that this incident has included personal financial information provided by students or parents on financial aid applications. Financial information is maintained in a separate system than the one where some admission data may have been compromised, and at this time there is no evidence that system was accessed by an unauthorized user. If the College becomes aware that any students' record may have been compromised, those individuals will be contacted directly with more information.

For your information, a call center is being established for individuals who may have been affected by this incident. The call center's dedicated and confidential toll-free response line will be available at 888-526-1229, starting at Noon (CT) on Monday, March 11. This response line will be staffed with professionals familiar with this incident. The regular hours of operation will be Monday through Friday, 8 a.m. to 8 p.m. Central Time.

Safeguarding the privacy and security of all information is a top priority for us. We are taking significant measures to protect information and prevent recurrence of a similar issue in the future. We are working with experts on campus as well as leading cybersecurity professionals to ensure that students are protected and fully informed. If the situation warrants, we will provide updated information as it becomes available.

Grinnell respects your privacy and is committed to protecting your personal data and keeping it secure; you can learn more about the Grinnell College Privacy Policy. Updates will be available on this page.

March 7, 2019 -- This morning Grinnell College learned from some prospective students that they received an email from an individual claiming to have gained unauthorized access to a database containing personally identifiable information who would sell them access to their full admission file for a sum of money. If you receive(d) such a message, you are strongly advised not to respond. We have contacted appropriate authorities, including the Federal Bureau of Investigation, and will send out notification as soon as possible.

We have no evidence at this time that the suspected security incident revealed any financial information provided by domestic students or parents, either through financial aid applications or otherwise offered to the College.

We use cookies to enable essential services and functionality on our site, enhance your user experience, provide a better service through personalized content, collect data on how visitors interact with our site, and enable advertising services.

To accept the use of cookies and continue on to the site, click "I Agree." For more information about our use of cookies and to opt-out of cookies at any time, please refer to our website Privacy Policy.