Cyber Incident Victim: Treasure Valley Community College

Treasure Valley Community College (TVCC) discovered a data security incident involving unauthorized access to an employee email account, which was identified on August 25, 2020. The breach potentially exposed personal information of certain TVCC community members, with the unauthorized access occurring between June and December 2019—a timeframe spanning approximately six months. The compromised data included student identification numbers, Social Security numbers, and dates of birth. TVCC initiated an investigation upon discovery but did not identify the perpetrator or determine the exact scope of data exfiltration beyond the confirmed exposure within the email account. The college acknowledged that the delay between the breach period and its detection hindered immediate containment efforts.

TVCC began notifying affected individuals following its investigation, though it lacked sufficient contact information for a subset of individuals whose student ID numbers and dates of birth were involved. The institution offered complimentary credit monitoring services to all impacted parties and established a toll-free call center operational on weekdays from 8:00 a.m. to 8:00 p.m. Central Time to assist with enrollment and inquiries. While TVCC stated no evidence of misuse of the exposed data had been identified, it advised vigilance and provided guidance on safeguarding personal information. The college expressed regret for the incident and emphasized implementing measures to prevent future occurrences, though specific technical or procedural changes were not detailed in public communications. Notification letters were dispatched directly to individuals with available addresses, and the public announcement was issued on December 29, 2020, over four months after the breach was discovered.