Potential Admission Data Compromise

March 18, 2019

March 18, 2019 — A brief update regarding the ongoing investigation into an instance of unauthorized access of the system that houses our College’s admission-related information.

Within a matter of hours, our information technology team shut down the intrusion and confirmed the system was stable. We promptly began an investigation, increased security protocols to help prevent further unauthorized access to applicant records, and reported the incident to the FBI. As part of our ongoing investigation, the College is working closely with external forensic investigators and cybersecurity experts to analyze the data involved. We have no evidence that financial data provided by students or their families, transcripts, or recommendations were potentially compromised. As more information becomes available, we will keep you informed.

Should you have any questions, you can contact our dedicated and confidential toll-free response line, (888) 526-1229, available from 8 a.m. to 8 p.m. CT, Monday through Friday.

Admission Data FAQs

What happened?

On March 7, 2019, we were made aware of suspicious activity in our admission database. We immediately closed access to our database, notified the FBI, and launched an investigation. We determined that some admission data may have been accessed by an unknown party. The investigation is ongoing, and we will provide follow-up notification as appropriate.

What information was involved?

Components of inquiry and/or admission files, including email addresses and contact information, may have been accessed. We are currently investigating whether additional information has been impacted and will provide follow-up notification as appropriate. However, we have no evidence at this time that this incident has included financial information provided by students or parents on financial aid applications, application essays, letters of recommendations, or transcripts.

What are you doing as a result of this incident?

We are committed to maintaining the privacy of personal information and have taken additional precautions to safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of personal information.

What can I do to protect myself?

Please be wary of suspicious emails or requests in general, but particularly any with questionable content (e.g., those that demand payment for your decision or application information). In addition, you should always review your financial account statements on a regular basis for fraudulent or irregular activity. You may consider ordering a free credit report and placing a fraud alert and/or security freeze on your credit file.

How do I place a fraud alert on my credit report?

In order to place a fraud alert, you can call any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts). Alternatively, you may file the fraud alert online.

Equifax Experian TransUnion
P.O. Box 105069
Atlanta, GA 30348
www.equifax.com
1-800-525-6285
P.O. Box 2002
Allen, TX 75013
www.experian.com
1-888-397-3742
P.O. Box 2000
Chester, PA 19022
www.transunion.com
1-800-680-7289

How do I place a security freeze on my credit files and how much does it cost?

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “security freeze” be placed on your credit file, at no cost to you. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information

Equifax Security Freeze Experian Security Freeze TransUnion Security Freeze
P.O. Box 105788
Atlanta, GA 30348
www.freeze.equifax.com
1-800-685-1111
P.O. Box 9554
Allen, TX 75013
www.experian.com/freeze
1-888-397-3742
P.O. Box 2000
Chester, PA 19022
www.transunion.com/securityfreeze
1-800-680-7289

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security Number, and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name, or to commit fraud or other crimes against you, you may file a police report in the city in which you currently reside.

When will you have more information about the impact of this incident?

Our investigation into this incident to determine the specifics of any data that may have been compromised is ongoing. We are working to be able to provide accurate information to anyone who may have been affected and are taking steps to mitigate the impact of this incident. We will provide follow-up notification as appropriate.

Timeline

March 11, 2019 -- A call center has been established for individuals who may have been affected by this incident. The call center 's dedicated and confidential toll-free response line is available at 888-526-1229 . This response line is staffed with professionals familiar with this incident Monday through Friday, 8 a.m. to 8 p.m. Central Time.

March 8, 2019 -- Since learning of this incident, we have come to understand that this cyberattack on Grinnell College information was the most recent of three reported attacks on admission-related information at U.S. colleges.

We have no evidence at this time that this incident has included personal financial information provided by students or parents on financial aid applications. Financial information is maintained in a separate system than the one where some admission data may have been compromised, and at this time there is no evidence that system was accessed by an unauthorized user. If the College becomes aware that any students' record may have been compromised, those individuals will be contacted directly with more information.

For your information, a call center is being established for individuals who may have been affected by this incident. The call center's dedicated and confidential toll-free response line will be available at 888-526-1229, starting at Noon (CT) on Monday, March 11. This response line will be staffed with professionals familiar with this incident. The regular hours of operation will be Monday through Friday, 8 a.m. to 8 p.m. Central Time.

Safeguarding the privacy and security of all information is a top priority for us. We are taking significant measures to protect information and prevent recurrence of a similar issue in the future. We are working with experts on campus as well as leading cybersecurity professionals to ensure that students are protected and fully informed. If the situation warrants, we will provide updated information as it becomes available.

Grinnell respects your privacy and is committed to protecting your personal data and keeping it secure; you can learn more about the Grinnell College Privacy Policy. Updates will be available on this page.

March 7, 2019 -- This morning Grinnell College learned from some prospective students that they received an email from an individual claiming to have gained unauthorized access to a database containing personally identifiable information who would sell them access to their full admission file for a sum of money. If you receive(d) such a message, you are strongly advised not to respond. We have contacted appropriate authorities, including the Federal Bureau of Investigation, and will send out notification as soon as possible.

We have no evidence at this time that the suspected security incident revealed any financial information provided by domestic students or parents, either through financial aid applications or otherwise offered to the College.