as posted on their web site on mar 20, KWC reveals an incident that they became aware of in September 2020. ky Wesleyan College experienced a network certificate Incident, resulting in the temporary loss of availability to its files and systems. We have since resolved the Incident and implemented additional surety measures. Although there was no direct evidence of any misuse of personal information, this Incident may get resulted in unauthorized access to the personal information of certain kentucky Wesleyan faculty, students, staff records and potentially others. Accordingly, Kentucky Wesleyan will live providing direct formal mark to all individuals whose personal information may have been impacted by the Incident. We value our members of the Kentucky Wesleyan community and thank you for your understanding. For more information, please see our FAQs at the link below. If you get any questions about this Incident or questions regarding the content of the formal notice, please telephone our dedicated telephone center at 1-866-752-0071 from 8:00 a.m. to 8:00 p.m. CT, Monday through Friday. The FAQ does not explain the actual nature of the breach nor how it occurred. Nor does it explain why it took approximately sextuplet months to create notifications. What it does reveal is the types of information involved: What information may hold been impacted? The type of personal information that may have been accessed includes names, social security numbers, birth dates, addresses, drivers license numbers, financial aid grant information, and in some limited instances, other potential Personal Identifying info (PII). What types of personal information does Other potentiality PII encompass? Such information may encompass any of the following: Taxpayer/ Employer Identification Number; Email speech with watchword or associated security questions; Username with watchword or associated security questions; indistinguishability protection Personal Identification number Issued by the IRS; or Biometric Data (g., fingerprints). So sestet months to notify multitude that their SSN and other indistinguishability information and financial assistance may have been accessed? And they don’t even offer any mitigation services? The security of student financial aid data should be covered by the GrammLeachBliley Act. The federal trade charge has enforcement sanction over GLBA. Both DataBreaches.net and EPIC.org had argued in a previous teaching sector transgress incident that the FTC should take enforcement litigate over schools that fail to adequately secure student financial assist data. They didn’t inquire in that case. The FTC generally has no authority over the education sector or not-for-profits, but they manage have authority to enforce GLBA. When there’s a breach involving student financial aid and students aren’t even notified for almost six months — and then they are not even offered any mitigation services, maybe the FTC should take a look at the incident?