Skip to content

NOTICE OF DATA BREACH

The Chronicle of Higher Education, Inc. takes data security very seriously and understands the importance of protecting the information it maintains. This notice describes a data security incident that may have involved information for some online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com, and explains the incident, measures that The Chronicle has taken, and some steps that can be taken by account holders in response.

WHAT HAPPENED: On June 19, 2020, The Chronicle completed its investigation of reports it received that some of its data may have become accessible online. Through the investigation, The Chronicle confirmed that unauthorized parties made data for some online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com available online. Upon learning of this, The Chronicle launched an investigation with the assistance of a leading cybersecurity firm, and law enforcement was notified. Through the investigation, The Chronicle determined that unauthorized parties had exploited a vulnerability in one of The Chronicle’s servers, through which they were able to obtain limited account information.

WHAT INFORMATION WAS INVOLVED: The information posted online was limited to account holder names, email addresses, usernames, and passwords for some online accounts to chronicle.com, philanthropy.com, and/or chroniclevitae.com. Although The Chronicle “hashed” and “salted” passwords for online accounts in its database, meaning that a cryptographic process was used to render the actual passwords indecipherable to third parties and that they were not maintained in plain text, the unauthorized parties were able to bypass the cryptographic “hashing” and “salting” process, making some online account passwords accessible in plain text. To date, The Chronicle has no evidence that there has been unauthorized access to any online accounts.

WHAT YOU CAN DO: Out of an abundance of caution, The Chronicle reset passwords to all online accounts on June 16, 2020, so that the passwords for the accounts are no longer valid. If account holders have not logged in since that date, the next time they log in to their online accounts, they will be prompted to change their passwords. Also, if account holders use the same usernames and passwords for any other online account, The Chronicle recommends that they change the passwords to those accounts as well.

WHAT WE ARE DOING: The Chronicle began notifying online account holders about this incident on July 9, 2020. Also, out of an abundance of caution, The Chronicle is providing courtesy notice of this incident to account holders whose account information was not involved in this incident. In addition to resetting the passwords to all online accounts using stronger “hashing” and “salting” technology, The Chronicle has taken steps to help prevent a similar incident from occurring in the future, including the replacement of the server with the unauthorized access, as well as additional procedures to further expand and strengthen security processes.

FOR MORE INFORMATION: If you believe that information related to your online account(s) to chronicle.com,philanthropy.com, and/or chroniclevitae.com was involved in the incident, but do not receive a notice by July 31, 2020, please call 1-833-579-1097, Monday – Friday, 9:00 a.m. to 9:00 p.m., Eastern Daylight Time.

ADDITIONAL STEPS YOU CAN TAKE

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

  • Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft

New York Residents: You may contact and obtain information from these state agencies: New York Department of State Division of Consumer Protection, One Commerce Plaza, 99 Washington Ave., Albany, NY 12231-0001, 518-474-8583 / 1-800-697-1220, http://www.dos.ny.gov/consumerprotection; and New York State Office of the Attorney General, The Capitol, Albany, NY 12224-0341, 1-800-771-7755, https://ag.ny.gov