
Northwest Iowa Community College, a public two-year college in Sheldon, Iowa, that serves about 7,000 credit and non-credit students each year, disclosed a data breach that occurred in late November 2025.
The breach was disclosed to the Iowa Attorney General on July 8, 2026, with 16,004 Iowa residents identified as potentially affected. The college first discovered the breach on Nov. 26, 2025, and began notifying affected individuals by mail on July 8, 2026.
On or around Nov. 26, 2025, Northwest Iowa Community College became aware of unauthorized activity within its computer systems, according to the college's notification letter to affected individuals.
Upon making this discovery, the college quickly took steps to secure its network and brought in third-party specialists to look into the nature and scope of the event.
The investigation found that information may have been accessed or downloaded without authorization between Nov. 24 and Nov. 26, 2025. After confirming how far the unauthorized activity reached, the college began a detailed review of the potentially affected information.
The types of information potentially exposed included names and Social Security numbers. Because Social Security numbers are among the most sensitive pieces of personal information, their exposure raises serious concerns about the risk of identity theft and fraud for affected individuals.
The college began mailing written notices to potentially affected individuals on July 8, 2026.
Given the sensitivity of the information exposed, the college is offering all affected individuals 12 months of complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company that specializes in fraud assistance and remediation. The services include single bureau credit monitoring, a single bureau credit report, a single bureau credit score and proactive fraud assistance. Individuals who enroll will receive same-day alerts whenever changes are made to their credit file, helping them quickly spot any suspicious activity.
To enroll in these free services, affected individuals should visit the Cyberscout enrollment page and enter the unique code that was included in their notification letter. Enrollment must be completed within 90 days of the date printed on the letter. The enrollment process requires an internet connection and an email account and may not be available to minors under the age of 18.
The college has also set up a dedicated call center to answer questions about the breach. According to the notification letter, the call center is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays. The phone number for the call center is included in each individual's notification letter. People can also reach the college by writing to 603 W. Park St., Sheldon, IA 51201.
It is important for anyone who receives a notification letter to read it carefully and take prompt action. The letter contains a unique enrollment code that is needed to sign up for credit monitoring. Without that code, individuals will not be able to access the free services being offered.








.webp)
.webp)
.webp)

.webp)
.webp)
.webp)
.webp)