Date: Sep 2017

Location: United States of America

Summary

Dallas County Community College District experienced a breach involving unauthorized access to multiple employee email accounts over several months, compromising email messages and attachments containing sensitive information. An investigation revealed that Social Security numbers were among the exposed data, prompting the institution to notify affected individuals and offer one year of credit monitoring and identity restoration services. The breach discovery, investigation, and notification processes collectively spanned an extended period, though the exact number of impacted individuals was not disclosed.


Description

On October 5, 2017, Dallas County Community College District identified unusual activity in an employee email account, prompting immediate credential changes and the initiation of an investigation assisted by a third-party forensic firm. The investigation determined that unauthorized individuals had accessed multiple employee email accounts between September 14, 2017, and December 18, 2017, potentially viewing or acquiring email messages and attachments stored within those accounts. The breach persisted for over three months after initial detection before being fully contained. Forensic analysts conducted an exhaustive manual review of compromised account contents to identify affected individuals, a process that concluded on May 29, 2018. The college did not publicly disclose the total number of impacted parties or specify whether victims were students, employees, vendors, or a combination thereof.

Notification letters were ultimately distributed to affected individuals on August 17, 2018 – ten months after initial detection and nearly three months after completing the data review. Exposed information included Social Security numbers, though the notification did not detail other potentially compromised data types. The institution offered impacted individuals 12 months of credit monitoring and identity restoration services through a third-party provider. No public statements or breach details beyond the mandatory notification filings appeared on the college's website or in news media searches. The method of initial account compromise remained undetermined in available documentation, with no disclosure of whether phishing, credential theft, or system vulnerabilities enabled the unauthorized access.
