SCC Home » Security Incident » FAQ
FAQ
Please view each FAQ by clicking on the selections below.
FAQ 04/29/16
W-2 Phishing Incident Frequently Asked Questions 04/29/16 (PDF)
What happened?
On April 28th, an employee of the college was “spoofed” and provided W-2 information for all SCC employees who worked for the college in 2015. The information on the W-2 forms included names, social security numbers, annual amount earned, and amounts deducted for federal, state, and retirement contributions. Birthdates, names of dependents, and bank accounts were not included. The spoofed email came from an external environment, the Solano County Computer Crimes Task Force was notified and is investigating the source. Our IT staff also responded quickly to identify the email address of the sender and assisted the task force. All legal avenues are being used to locate and, if possible, prosecute those involved.
What should I do now?
While we have received no reports that this information has been misused in any manner, as a precaution, we are offering affected employees with a free, one-year membership in Experian’s® ProtectMyID® Alert. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. We encourage you to take advantage of the identity theft protection services being offered. Further, you should remain vigilant to the possibility of fraud and identity theft by reviewing your credit card, bank, and other financial statements for any unauthorized activity.
The State of California Department of Justice provides the best guidelines for the steps you should take to protect your identity. Go to https://oag.ca.gov/idtheft/facts/freeze-your-credit for step-by-step information.
Do I need a code to sign up for credit monitoring services?
Credit monitoring is being provided to all affected individuals. In order to enroll in the credit monitoring services, you will need the activation code that will be included in the letters mailed to affected individuals. You will also be provided an activation code by email early next week.
What is “spoofing?”
Email spoofing is the creation of email messages with a forged sender address. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message” (https://en.wikipedia.org/wiki/Email_spoofing, accessed 4/28/16).
What is a phishing email?
Phishing is the attempt to acquire sensitive information, such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email, and it often directs users to enter details at a fake website that looks and feels similar to a legitimate one.
Who was affected?
Anyone employed by SCC in 2015 was impacted including student workers, temporary employees, adjunct faculty, and full time employees. Affected individuals will receive notification by U.S. Mail regarding this incident and advised of the steps they can take to protect themselves. We will have information available on our home page and a designated email account has been established where questions can be sent. You can also call 707-863-7897 Monday-Friday from 9:00am-4:00pm. See My Solano for updates.
How do we avoid this from happening again?
All employees will be receiving additional education and training regarding “phishing” emails, and we are conducting a comprehensive review of our security practices, procedures and safeguards. This is an opportunity for us to improve our security protocols.
How do I place a security freeze?
If you choose, you may place a security freeze through the credit bureaus in addition to the ProtectMyID option that the college will pay for. According to the Office of the Attorney General, “To place a freeze, you must contact each of the three credit bureaus. You can request the freeze by mail. You may also place the freeze online. Here are the freeze web pages for the credit bureaus. Note: If these links do not work, search "security freeze" on the credit bureau web sites.
https://www.freeze.equifax.com
https://www.experian.com/freeze/center.html
http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page
In the state of California, a security freeze is free to identity theft victims who have a police report of identity theft. We will provide a copy of the police report to affected individuals as soon as the report is available.
If you are not an identity theft victim and you are under 65 years of age, it will cost you $10 to place a freeze with each of the three credit bureaus. That is a total of $30 to freeze your files. If you are not an identity theft victim and you are 65 years of age or older, it will cost you $5 to place a freeze with each of the three credit bureaus. If you have already paid to have a credit freeze placed with the credit bureaus, please keep your receipts and SCC will create a process for reimbursement.
The crime report is available at My Solano. You will be asked to provide a copy of the crime report to get a security freeze at no charge.
Where can I find more information on placing a security freeze and other steps to take to protect my identity?
The Office of the Attorney General provides extensive information at https://oag.ca.gov/idtheft/facts/freeze-your-credit. Additionally, we will continue to post notices at My Solano and send updates using the SCC email.
FAQ 05/09/16
W-2 Phishing Incident Frequently Asked Questions 05/09/16 (PDF)
Security Breach Update
As faculty and staff at Solano Community College have additional questions and concerns regarding the recent data breach, we will be updating information on our campus web page and providing clarification when and where we can.
The following are recent questions and answers:
Q: Who collects and disseminates questions, concerns, incident reports of damages in the wake of this data breach?
A: Superintendent’s/President’s Office, Fiscal Services, Campus Police, and Instructional Technology.
Q: Who is providing regular information to the college on the hotline phone number 707-863-7897 and email (securitybreach@solano.edu)?
A: The phone number and email account were set up and are staffed by Fiscal Services. Jhanaly Ortega is manning the security breach hotline and is sending callers who have general questions to Laura Convento.
Q: Will there be a platform—not public but accessible by all affected employees—to share advice on the data breach consequences?
A: Yes, we are making this information available on the website and it will be in the Inside Solano newsletter.
Q: When will answers to questions and information be posted in the FAQ or other locations?
A: Updates have been and are being uploaded to the web. Additional information is provided in the informational letter that can be picked up in Fiscal Services. A copy of the letter has also been sent to employees’ home addresses.
Q: How many employees have to date had their W-2 data misused? Who collects this information? Who advises these individuals?
A: We don’t collect this information. Some individuals have discussed this with their tax preparers and Campus Police, or connected with resources at the State Attorney General’s Office. Some SCC employees have already come forward with reports that their W-2 data was used to attempt filing fraudulent tax returns.
Q: Is a point person from Solano College talking with the IRS to inform them of the data breach and consult on ways to protect the confidential information? Has someone consulted with the IRS/FTB as to whether we should file F14039 (IRS) and 3552 (FTB) Identity Theft Affidavits?
A: We are required to report the incident to the State Attorney General’s Office and we have done so. We’ve also notified the Chancellor’s Office. Individuals have to contact the IRS directly and can file the forms referenced above.
Note: If you have ideas or tips to share regarding how to deal with this security breach, please report them to President/Superintendent Celia Esposito-Noy’s office.
Additionally, please also remember these links, which have also been uploaded to the SCC website:
- Form 14039 on the www.irs.gov site, Identity Theft Affidavit. Here is the direct link http://www.irs.gov/pub/irs-pdf/f14039.pdf.
- Form 3552 on the www.ftb.ca.gov site, Identity Theft Affidavit. Here is the direct link https://www.ftb.ca.gov/forms/misc/3552.pdf.