| July 24, 2020 | | | | Dear Account Holder: | | The Chronicle of Higher Education, Inc. understands the importance of protecting the information we maintain. We are writing to inform you about an incident involving information for some online accounts to chronicle.com, philanthropy.com, and/or chroniclevitae.com. Although to date we have no evidence that this incident involved your account information, we are notifying you out of an abundance of caution to let you know this happened and assure you we take it very seriously. This notice explains the incident and measures we have taken. | | WHAT HAPPENED: On June 19, 2020, The Chronicle completed our investigation of reports it received that some of our data may have become accessible online. Through the investigation, we confirmed that unauthorized parties made data for some online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com accessible online. Upon learning of this, The Chronicle launched an investigation with the assistance of a leading cybersecurity firm, and law enforcement was notified. Through the investigation, The Chronicle determined that unauthorized parties had exploited a vulnerability in one of The Chronicle’s servers, through which they were able to obtain limited account information. | | WHAT INFORMATION WAS INVOLVED: The information posted online is limited to account holder names, email addresses, usernames, and passwords for some online accounts to chronicle.com, philanthropy.com, and/or chroniclevitae.com. Although The Chronicle “hashed” and “salted” passwords for online accounts in our database, meaning that a cryptographic process was used to render the actual passwords indecipherable to third parties and that they were not maintained in plain text, the unauthorized parties were able to bypass the cryptographic “hashing” and “salting” process, making the passwords for some online account passwords accessible in plain text. To date, we have no evidence that this incident involved your online account information or that there has been unauthorized access to any online accounts. | | WHAT YOU CAN DO: Out of an abundance of caution, The Chronicle reset passwords to all online accounts on June 16, 2020, so that the passwords for the accounts are no longer valid. If you have not logged in since that date, the next time you log in to your online account(s), you will be prompted to change your password(s). | | WHAT WE ARE DOING: In addition to resetting the password(s) to all online accounts using stronger “hashing” and “salting” technology, we have taken steps to help prevent a similar incident from occurring in the future, including the replacement of the server with the unauthorized access, as well as additional procedures to further expand and strengthen security processes. | | FOR MORE INFORMATION: We regret any inconvenience or concern this may cause you. If you have any questions, please call 1-833-579-1097, Monday – Friday, 9:00 a.m. to 9:00 p.m., Eastern Daylight Time. | Sincerely,
Ken Sands
Ken Sands
General Manager, Online |
|
