Cyber Incident FAQ

Last Update November 20, 2023, 9:30 AM.

Chattanooga State was the target of a ransomware attack discovered on May 6, 2023. The College takes the privacy and security of its constituents very seriously and immediately took steps in an effort to address and mitigate the situation. As such, on June 27, Chattanooga State notified individuals impacted by the May 6 security incident that may have resulted in unauthorized access to personal information.

The College confirmed on October 19, that the cybercriminal posted additional compromised files from the May 6 incident online this week—this is not a new incident. As a result, additional personal information was compromised.  On November 20, those impacted were notified. The impacted information may have included name, physical address, phone number, social security number and/or birthdate.

The College sent a notice to the impacted individuals with information for complimentary credit monitoring. The College will pay for two years of credit monitoring service.

The College encourages vigilance and recommends taking precautionary measures to protect your personal information.

Return to Cyber Incident Operational Updates Page

What happened?

The College was the target of a criminal ransomware cyber-attack. This incident resulted in unauthorized access to certain information maintained by the College.

Chattanooga State’s 24/7 cyber protection vendor notified the College on Saturday, May 6, 2023, of an active cyber incident. The College immediately prioritized fending off the cybercriminal and expelling them from our system. The College has restored the impacted computer systems from backups that are regularly retained by the College. Following the advice of law enforcement and external experts, the College has chosen not to engage with cybercriminals.

With the support of our cyber security vendor, the College has been working to assess whether and to what extent sensitive data may have been compromised. As such, on June 27, Chattanooga State notified individuals impacted by the May 6 security incident that may have resulted in unauthorized access to personal information.

The College confirmed on October 19, 2023, that the cybercriminal posted additional compromised files from the May 6 incident online the week of October 19—this is not a new incident. While we are still investigating the scope of the additional files impacted, we do know that additional personal information was compromised. As of November 20, the individuals impacted have been notified.

What information was involved?

According to our forensics investigation, the cybercriminal compromised sensitive personal information that may have included name, physical address, phone number, social security number, and/or birthdate. This information was not encrypted.

What the College is doing?

The College is making Equifax Credit Watch™ Gold credit monitoring services available for two years for the impacted individuals at the College’s expense.

The College takes the security of our systems and data very seriously and has implemented additional measures in an effort to prevent further cyberattacks and to continuously improve our systems. These measures include working with forensics, cyber protection vendors, and other appropriate agencies.

Is the email from NoReply@ChattStateNotice.com legit?

Yes. In addition to the required hard copy notification sent in the mail, impacted individuals who have an email on file were sent an email on November 20.

What those impacted can do:

The Federal Trade Commission (FTC) recommends placing a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year. You can renew it after one year. 

  • Experian, P.O. Box 9554, Allen, TX 75013, 1-888-397-3742 
  • TransUnion, P.O. Box 2000, Chester, PA 19106, 1-800-680-7289  
  • Equifax, P.O. Box 105069, Atlanta, GA 30348, 1-888-766-0008  

Ask each credit bureau to send you a free credit report after it places a fraud alert on your file. Review your credit reports for accounts and inquiries you don’t recognize. These can be signs of identity theft. If you think your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and get recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends checking your credit reports periodically to spot problems and address them quickly.

What should I do if my family member was notified and is deceased?

Place a credit freeze with each credit bureau (Equifax, Transunion, and Experian) to help protect unwanted people from opening credit in your name.

Obtain free credit reports from annualcreditreport.com. Check for any accounts or charges you don’t recognize. Continue to check your reports annually. Be sure to obtain all three of your credit reports. If you experience identity theft, you can use these credit reports as part of the process of restoring your credit.

According to the Federal Trade Commission (FTC) IdentityTheft.gov website, there are precautions you should take when your SSN has been involved in a data breach.

Create a mySocialSecurity account with the Social Security Administration. You are doing this to claim your Social Security number and ward off anyone else from creating an account in your name. Review your earnings on your Social Security Statement to ensure your information is correct. Note: if you have a freeze implemented on your credit, you must lift it before creating a new mySocial Security account.

Report SSN fraud to the Social Security Administration.

Did the College engage with the cybercriminal?

The College did not engage with the threat actor, which is consistent with the guidance we received from law enforcement. The College is working with state agencies and law enforcement to attempt to remove the compromised files from the internet.

What if I have additional questions?

We have established a dedicated response line to address any questions you have related to this incident: 423-697-5566. The response line is available M–F, 8:00 AM–4:30 PM E.T.