Cyber Incident Victim: Notre Dame de Namur University

On or around April 23, 2018, Notre Dame de Namur University experienced a data security incident involving unauthorized access to an employee email account compromised through a phishing attack. The university discovered the breach on May 18, 2018, initiating an investigation that revealed the account contained sensitive information from financial aid applicants. Exposed data included applicants' names, Social Security numbers, and additional personal details submitted during the financial aid application process. While the exact number of affected individuals remained undisclosed in public filings, the university formally notified the California Attorney General's office about the incident on June 20, 2018, as evidenced by metadata from the agency's website. The breach timeline suggests a nearly one-month gap between the initial compromise and detection.

In response to the incident, Notre Dame de Namur University began notifying impacted financial aid applicants by late June 2018, issuing letters signed by Chief Financial Officer Henry Roth that detailed the nature of the exposure. The institution offered affected individuals a complimentary one-year membership to Experian's IdentityWorks credit monitoring service as remedial protection against potential identity theft. Internally, the university implemented staff re-education programs focused on phishing awareness and cybersecurity incident prevention as part of its organizational response. No specific technical containment measures or forensic findings beyond the phishing vector were disclosed in available documentation. The notification to state authorities confirmed the exposure of high-risk personal identifiers but did not specify whether the compromised email account contained data beyond financial aid applicants or if other institutional systems were affected.