Security Breach

Portland Community College Incident Hotline: 971-722-4896 | incidentresponse@pcc.edu

On Aug. 5, a PCC employee reported that a car had been broken into and items were stolen. The employee had been transferring information from one PCC work location to the other. One of items taken was a data storage device that held the names and Social Security numbers of participants in the Oregon Food Stamp Employment and Transition Program.

PCC recently became aware of this matter and has moved quickly to notify those concerned, even though there is no indication at this point that any of the personal information in question has been accessed by anyone outside the college.

We have notified participants in the Oregon Food Stamp Employment and Transition Program who we identify as potentially impacted by this incident and offered them free online credit monitoring services in an effort to prevent them from becoming a victim of identity theft.

To assist in protecting the identities of those affected, PCC has offered, at no cost, for one year, Debix Credit Protection. This product provides:

  • Comprehensive credit file monitoring of all three agency credit reports
  • Immediate actionable Credit Alerts by phone
  • On call investigator if an attack occurs
  • Fraud recovery service and $1,000,000 in identity theft insurance coverage

Debix Credit Protection will also contact those affected, regarding signing up for this credit protection service.

Debix shall provide OnCall Credit Monitoring (“OnCall CM”) services for one year. OnCall CM services include credit alert delivery via phone, identity theft insurance and identity restoration.

Frequently Asked Questions

Click on a question to get the answer.

I received a letter, supposedly from PCC, about a security incident involving my personal information. Is this real?

Yes. As the letter explains, PCC had a security incident involving personal information for approximately 2900 program participants. A car owned by an employee of Portland Community College was broken into on Thursday, Aug 5.

If you received a different letter than the one identified on the web page or any request asking you to provide personal information that is NOT from PCC. A copy of the letter sent from PCC is on the Incident Response webpage.

Why is my personal information at risk?

The employee whose car was broken into was working at two PCC locations and was transferring information from one site to the other when the theft occurred. Among the stolen items was a data-storage device containing the names and Social Security numbers of an estimated 2,900 participants in the Oregon Food Stamp Employment Transition Program.

There is no indication at this point that any of the personal information in question has been accessed by anyone outside the college. To err on the side of caution, we’re encouraging affected individuals to consider taking appropriate precautions.

Were addresses and phone numbers in the student data files?

No.

How do I know if my information was in the student data files?

Letters were mailed to affected students on August 9. If you receive a letter, your information was in the data files in question. If you do not receive a letter, your information was not involved.

Does PCC have policies in place to try and prevent this sort of data loss?

PCC’s Information Security Policies can be found here: http://www.pcc.edu/resources/tss/info-security/

What else is PCC doing to protect my identity?

In addition, to providing the Debix Service your account will be flagged and you notified if we receive any address change request. You may request a permanent hold be placed on your account to limit transactions and approved based on in-person proof identify.

Is this information still at risk of disclosure to an unauthorized person?

We do not know what the status is regarding the data storage device that held your name and Social Security number. We believe there is a risk even though we have not received evidence that the information has been used.

What should I do if I discover fraudulent use of my personal information?

Individuals whose personal information was involved in this incident can request a free initial fraud alert to be placed on their credit files by calling any one of the three major national credit bureaus:

Trans Union
Direct Line for reporting suspected fraud:
800-680-7289

Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA 92634
Phone: 800-916-8800 / 800-680-7289
http://www.transunion.com

Equifax
Direct Line for reporting suspected fraud:
800-525-6285

Fraud Division
P.O. Box 740250
Atlanta, GA 30374
800-685-1111 / 888-766-0008
http://www.equifax.com

Experian
Direct Line for reporting suspected fraud:
888-397-3742

Credit Fraud Center
P.O. Box 1017
Allen, TX 75013
888-EXPERIAN (888-397-3742)
http://www.experian.com

When contacting the Credit Reporting Agency, you should request the following:

  1. Instruct them to flag your file with a fraud alert including a statement that creditors should get your permission before opening any new accounts in your name.

  2. Ask them for copies of your credit report(s). (Credit bureaus must give you a free copy of your report if it is inaccurate because of suspected fraud.) Review your reports carefully to make sure no additional fraudulent accounts have been opened in your name or unauthorized changes made to your existing accounts.

    NOTE: In order to ensure that you are issued free credit reports, we strongly encourage you to contact the agencies DIRECT LINE (listed above) for reporting fraud.

  3. Be diligent in following up on your accounts. In the months following an incident, order new copies of your reports to verify your corrections and changes, and to make sure no new fraudulent activity has occurred.

If you find that any accounts have been tampered with or opened fraudulently, close them immediately. To ensure that you do not become responsible for any debts or charges, use the ID Theft Affidavit Form developed by the Federal Trade Commission to help make your case with creditors