ECSI Data Breach Exposes SSNs Over 3.5 Months

What Happened?

On February 12, 2024, Educational Computer Systems, Inc. (ECSI), a service provider for Rensselaer Polytechnic Institute, detected an unusually high volume of access attempts to one of their online services. This service, previously available to students and borrowers for accessing tax forms without logging into a user profile, was compromised. ECSI responded promptly by taking the service offline and removing the vulnerable functionality to contain the breach. An investigation, supported by a third-party cybersecurity firm, revealed that unauthorized access occurred sporadically between October 29, 2023, and February 12, 2024.

Information Exposed

• Social Security Number
• Name
• Dollar amounts (e.g., tuition paid, scholarships received, student loan interest paid)

Response from Rensselaer Polytechnic Institute / Educational Computer Systems, Inc.

Upon discovering the breach, ECSI acted to secure their systems by disabling the compromised service and initiating a thorough investigation with cybersecurity experts. To address the immediate risks, they have also started notifying affected individuals and offered complimentary two-year credit monitoring and identity theft protection services through Experian. This includes credit monitoring, identity theft protection, and up to $1 million in identity fraud loss reimbursement.

Steps to Take if You Are Affected

If your information was compromised in this breach, it's crucial to stay vigilant and proactive in monitoring your financial accounts and credit reports. Here are several steps you can take:

• Enroll in the offered credit monitoring service using the unique activation code provided by ECSI.
• Regularly review your account statements and credit reports for any unauthorized activity.
• Place fraud alerts and consider freezing your credit with the three major credit bureaus: Equifax, Experian, and TransUnion.
• Report any suspicious activity to your financial institution or the relevant authorities immediately.
• Utilize resources from the Federal Trade Commission (FTC) for additional guidance on protecting yourself from identity theft.

For more detailed instructions and resources, visit the FTC’s identity theft webpage.

About Rensselaer Polytechnic Institute / Educational Computer Systems

ECSI, serving the higher education sector for over 50 years, offers a comprehensive range of services including campus-based student loan servicing, tuition payment plans, and tax document services.

For more information and to view the official notice to consumers, please refer to the Maine Attorney General's disclosure.