Cyber Incident Victim: College of DuPage

The College of DuPage in Glen Ellyn, Illinois, confirmed a data breach on March 16, 2020, compromising personal and tax information of 1,755 current and former employees. Exposed data included 2018 W-2 tax forms containing sensitive employee details. College President Brian Caputo publicly acknowledged the incident but did not disclose when the breach occurred, when it was discovered, or the specific method of data exposure. While Caputo stated the likelihood of criminals obtaining or misusing the information was low, the college initiated breach notifications to affected individuals out of caution. The breach coincided with the institution's transition to alternative instruction plans due to the emerging COVID-19 pandemic, though no coronavirus cases had been reported among campus personnel at the time of disclosure.

In response, the college offered complimentary credit monitoring and identity protection services to all impacted individuals. Caputo emphasized the institution's commitment to protecting private information by implementing additional procedural safeguards to prevent future breaches. An internal investigation failed to produce conclusive findings regarding the breach's origin or methodology. The college issued a formal apology through Caputo, who expressed regret for the incident and any resulting concerns. No technical details about affected systems, containment measures, or attacker actions were released publicly. The incident remained under investigation with no further updates disclosed in the immediate aftermath of the announcement.