Date: Dec 2021

Location: United States of America

Summary

An unauthorized individual gained access to networks at Cypress College and Fullerton College under the North Orange County Community College District, potentially exfiltrating files. The intrusion was discovered over a month after it began, prompting the district to notify approximately 19,678 affected students and employees through preliminary and formal communications. While specific data types were not disclosed, impacted individuals were offered complimentary identity monitoring services for twelve months. The incident, later identified as ransomware, led to security enhancements including the implementation of multifactor authentication across district systems.

Description

On December 7, 2021, an unauthorized individual gained access to the networks of Cypress College and Fullerton College, both part of the North Orange County Community College District (NOCCCD). The intrusion persisted undetected until January 10, 2022, when NOCCCD security personnel identified the breach. During this period, the attacker potentially exfiltrated copies of files from the compromised systems. While the initial public disclosure did not specify the exact nature of the compromised data, the incident involved both personnel and student information. NOCCCD later confirmed the event as a ransomware attack in a subsequent update, though no further details regarding the ransomware variant, ransom demands, or payment status were disclosed. The district initiated an internal investigation following detection to assess the scope and impact of the breach across its college networks.

NOCCCD issued preliminary notifications to affected individuals on February 17, 2022, followed by formal written notices mailed to 19,678 impacted students and employees starting March 25, 2022. The district contracted with IDX to provide affected individuals with 12 months of identity monitoring services, though the notification template did not enumerate specific data types exposed in the breach. In response to the incident, NOCCCD implemented multifactor authentication across its systems to strengthen network security defenses. The breach prompted operational disruptions, though the district did not publicly detail the duration or extent of these interruptions. No additional information regarding data recovery efforts, forensic findings, or law enforcement involvement was provided in the available reporting.
