CampusCE Data Security Incident

Peninsula College recently learned about a CampusCE data exposure incident which occurred July 25, 2024. It has been confirmed that student data was exposed due to a misconfiguration on a CampusCE web server. This incident only impacts colleges using CampusCE continuing education management software, like Peninsula College.

How Did This Happen?

A misconfiguration on the CampusCE web server allowed public access to an integration log file containing student data. The issue was first reported by a college after a student discovered the vulnerability. Upon notification, the State Board of Community and Technical Colleges immediately notified CampusCE, and corrective measures were taken to resolve the vulnerability. CampusCE has since implemented safeguards to prevent similar incidents in the future.

Who Was Affected?

All Washington state community and technical college continuing education students with data in CampusCE were affected by this incident, including those at Peninsula College.

What Is CampusCE Doing?

This week of September 16, CampusCE mailed official notification to all affected students (approximately 57,000) via U.S. mail. In addition, CampusCE has set up a dedicated call center to handle inquiries, as outlined in the notification letter. Since no financial information (such as credit card numbers or Social Security Numbers) was exposed, credit monitoring services will not be offered.

Peninsula College’s Response

We are sharing this notice with all Peninsula College employees, so they are aware of the incident and are prepared to offer support to students.

Protecting Yourself from Identity Theft

The Federal Trade Commission website is a resource you can access if you think your personal information has been compromised. The FTC offers some tips for protecting yourself from identity theft:

How can I protect myself? What should I do now?
  1. Closely monitor your credit reports.
  2. Obtain a free copy of your credit report from each of the three major credit reporting agencies; Equifax, Experian, and TransUnion.
  3. Place a fraud alert on your accounts. A fraud alert tells creditors to contact you before opening any new accounts or before making changes to existing accounts. You can place a fraud alert by contacting one of the three credit reporting agencies. A fraud alert at one of the agencies will automatically notify the other two services.
  4. Freeze your credit at each of the three major credit reporting agencies. If you believe you are the victim of identity theft, file a police report and notify the Federal Trade Commission.
  5. Block electronic access to your Social Security information. Contact the Social Security Administration at 1-800-772-1213 to block electronic access. This will prevent anyone from being able to see or change your personal information on the internet or by the administration’s automated telephone service.