EVIT Data Breach Affects 208,717 Individuals: Full Report

On January 9, 2024, the East Valley Institute of Technology (EVIT) discovered a significant data breach that affected the records of 208,000 individuals. This breach involved unauthorized access to EVIT's network, potentially exposing a wide range of sensitive information. The breach had a limited impact on EVIT's operations, but the extent of the data compromised is severe.

The exposed information includes:

• Name of individual
• Address
• Social Security Number Information
• Driver’s License number
• Government-issued ID number (e.g., passport, state ID card)
• Financial Information (e.g., account number, credit or debit card number)
• Medical Information
• Health Insurance Information
• Date of Birth
• Class List
• Student ID Number
• Race/Ethnicity
• Grades
• Course Schedule
• Home Phone Number
• Email Address
• Parent/Guardian Name
• Transcript
• IEP/504 Plan
• Financial Aid Information
• Class Rank
• Place of Birth
• TIN
• Tribal ID Number
• Account Number
• Routing Number
• Health Insurance Information
• Account Type
• Disciplinary File
• Absence Reason
• Health/Allergy Information
• Diagnosis
• Patient ID Number
• Institution Name
• Health Insurance Policy Number or Subscriber Number or Policy Number
• US Alien Registration Number
• Medical Record Number
• Treatment Location
• Payment Card Number
• Mental or Physical Condition
• Treatment Type
• Prescription Information
• Passport Number
• Treatment Information
• Username with Password Pin or Login Information
• Patient Account Number
• Biometric Data
• Mental or Physical Treatment
• Diagnosis Code
• Payment Card Type
• Military ID Number

The breach was disclosed to the Attorney General's office in Maine and Texas. You can find the disclosure on the Maine Attorney General's website and the Texas Attorney General's website. Additionally, the disclosure is available on the Massachusetts Attorney General's website.

EVIT's Response

In response to the breach, EVIT has taken several corrective steps. They promptly investigated the incident, secured their systems, and reported the breach to the three largest nationwide consumer reporting agencies and appropriate authorities. They have also implemented several security measures, including:

• Locking down VPN access
• Deploying EDR software
• Implementing 24x7 monitoring for the incident
• Revoking privileged user access
• Changing all service account passwords and user passwords
• Revoking domain trust
• Performing domain cleanup
• Rebuilding or replacing nineteen virtual servers

EVIT engaged a third party specializing in network security to help with these measures and to harden its network infrastructure. Additionally, EVIT provided email notifications to all current and former students, staff, faculty, and parents with email addresses on file. They also posted alternative website notices for impacted individuals online.

Steps to Take if You Are Affected by the Data Breach

If you are affected by this data breach, it is crucial to take immediate action to protect your personal information. Here are some steps you should consider:

1. Enroll in Identity Theft Protection Services: EVIT is offering identity theft protection services through IDX. These services include 12 months of CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. Enroll by calling 1-888-457-8842 or visiting IDX's EVIT response page.
2. Monitor Your Accounts: Regularly review your account statements and monitor your credit reports for any suspicious activity. You are entitled to one free copy of your credit report every 12 months from each of the three major credit reporting companies. Obtain your report at Annual Credit Report or call 1-877-322-8228.
3. Place Fraud Alerts: Consider placing a fraud alert on your credit reports. This will require creditors to contact you before opening any new accounts or making changes to your existing accounts. Contact one of the three major credit bureaus to place a fraud alert.
4. Security Freeze: Place a security freeze on your credit files to prevent new accounts from being opened in your name. This can be done by contacting each of the three national credit reporting bureaus.
5. Report Suspicious Activity: If you discover any suspicious items, report them immediately to IDX or your credit monitoring service. You can also file a police report if you experience identity fraud.
6. Stay Informed: Visit the Federal Trade Commission's website for more information on how to protect yourself from identity theft.

About East Valley Institute of Technology

The East Valley Institute of Technology (EVIT) offers hands-on training in various fields, including 3D animation, aesthetics, allied health, automotive technology, aviation flight training, and more. For more information, visit EVIT's website.