Cyber Incident Victim: National Board of Certified Counselors

On September 7, 2020, the National Board for Certified Counselors detected unusual activity on its network, prompting an immediate investigation. The inquiry revealed malware had been deployed by an unauthorized actor, blocking access to certain system files. Forensic analysis established the intrusion occurred between August 31 and September 7, 2020, during which the attacker accessed and exfiltrated files from NBCC's systems. The organization engaged third-party forensic experts to determine the incident's scope and collaborated with the Federal Bureau of Investigation on their parallel investigation. A comprehensive review of compromised files continued until December 28, 2020, to identify affected individuals and exposed data categories. This prolonged analysis was necessary to examine the contents of impacted files systematically before initiating notifications.

The breach compromised personal information including full names, physical addresses, Social Security numbers, dates of birth, and professional credential details. NBCC found no evidence of actual or attempted misuse of the stolen data following the incident. Response measures included immediate system security enhancements, regulatory notifications as legally required, and personalized notifications to potentially affected individuals. The organization offered complimentary credit monitoring services through TransUnion to those impacted and conducted an internal review of existing security protocols. NBCC implemented additional safeguards to strengthen its information systems while advising vigilance regarding financial account statements, credit reports, and benefits documentation for signs of suspicious activity. The malware's primary effect was restricting access to files rather than encrypting systems or demanding ransom.