In March, DataBreaches reported that North Orange County Community College District in California had been notifying more than 19,000 people about a data security incident. This week, NOCCCD submitted a notification to the California Attorney Genera’s Office, but it does not appear to be an update as much as a delayed notification to the state. But in attempting to verify that, DataBreaches looked at notifications on their component campus sites and discovered that the notice on their website revealed that this was a ransomware incident. But all the school says about that is:

Was this a ransomware attack?
Yes, Cypress College and Fullerton College experienced a ransomware attack. Cypress College and Fullerton College immediately took steps to confirm the security of their systems, including the deployment of an advanced threat protection and monitoring tool.

A copy of the notice was also posted on Fullerton College for International Students. That notice disclosed that the types of information for those students might include “name, and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number); financial account information; and/or medical information.”

A second copy of the notice was posted on the website for the Cypress College on-campus Dental Hygiene Clinic.  That notice explained that as of March 25, NOCCCD had been

unable to determine whether any Dental Hygiene Clinic patient data was actually viewed or taken by an unauthorized individual, but because we cannot rule out that risk we are providing this notice in an abundance of caution.

What Information Was Involved? While the specific types of information at risk may vary by patient, they could include name, driver’s license number, and dental hygiene treatment records.

DataBreaches did not locate any update to the notifications and does not recall ever seeing data from this breach on any leak site.