Network Security Incident Frequently Asked Questions

When did Kentucky Wesleyan learn of the incident?
Kentucky Wesleyan became aware of the Incident in September 2020 and immediately launched an investigation working diligently with industry-leading cybersecurity firms, law enforcement, and governmental authorities to address and resolve the Incident.  As a result, the Incident did not have any material impact on or disruption to our operations or our ability to support you as our valued faculty, students, and staff. 

Is the issue contained?
Yes, this issue has been contained.

Who was affected?
The individuals that may have been impacted by the Incident include certain current and former Kentucky Wesleyan faculty, students, staff and others.  Accordingly, Kentucky Wesleyan will be providing direct formal notice to all individuals whose personal information may have been impacted by the Incident.   

Why are some individuals being notified versus others?
We take this Incident and your personal information very seriously.  Therefore, we wanted to provide our entire Kentucky Wesleyan community with information about the Incident, and further provide additional guidance to help each of us better protect our personal information.  However, only those individuals whose personal information may have been impacted by the Incident will be notified.

What information may have been impacted?
The type of personal information that may have been accessed includes names, social security numbers, birth dates, addresses, driver’s license numbers, financial aid award information, and in some limited instances, other potential Personal Identifying Information (“PII”).

What types of personal information does “Other Potential PII” encompass?
Such information may encompass any of the following:

  • Taxpayer/ Employer Identification Number;
  • Email address with password or associated security questions;
  • Username with password or associated security questions;
  • Identity Protection Personal Identification Number Issued by the IRS; or
  • Biometric Data (g., fingerprints).

What is Kentucky Wesleyan doing to prevent this from happening again?
We leveraged an outside cybersecurity expert to assist us in implementing additional and enhanced measures to reinforce the security of our information technology systems.  Such measures, among other things, include the following:

  • Updated and implemented additional security software on all endpoints;
  • Implemented Multi-factor Authentication (MFA); and
  • Reset all passwords.

What you can do?
We recommend that you remain vigilant in regularly reviewing and monitoring all of your account statements and credit history to guard against any unauthorized transactions or activity.  If you discover any suspicious or unusual activity on your accounts, please contact your financial institution.  We have provided additional information below, which contains more information about steps you can take to protect yourself against fraud and identity theft.

  • Regularly review and monitor all of your account statements and credit history to guard against any unauthorized transactions or activity.
  • Contact your financial institution immediately if you discover any suspicious or unusual activity on your accounts.
  • Do not save login/financial credentials in browsers and keep credentials in a secure location.
  • Be careful about what information you post online and restrict access to your personal details on social media.
  • Make sure you have enabled the privacy safeguards on your devices and social media accounts, and keep them enabled.
  • Do not access online banking or other sensitive information from public or shared network computers.
  • Use only secure networks to access your Kentucky Wesleyan account or other important or sensitive transactions.

Who should I contact if I see any suspicious activity on my Kentucky Wesleyan account?
If you see any suspicious activity related to your Kentucky Wesleyan account, or if you inadvertently click on a message or a file that appears suspicious, immediately report to IT at itsupport@kwc.edu.

Who should I contact if I have additional questions?
If you have any questions about this Incident or questions regarding the content of the formal notice, please telephone our dedicated call center at 1-866-752-0071 from 8:00 am to 8:00 pm CT, Monday through Friday.