About Green Mountain Higher Education Consortium

The Green Mountain Higher Education Consortium (GMHEC) experienced a data breach affecting the personal information of 3,184 individuals, including 37 residents of Maine. The breach involved an external hacking incident that occurred on October 30, 2024, and was discovered on November 19, 2024. The breach was handled by the entity’s counsel, Kennedys CMK LLP, with Joshua Mooney as the point of contact. Affected individuals were notified via written communication on October 29, 2025.

What Happened

On November 19, 2024, we discovered suspicious activity within our email environment. Upon discovery, we took immediate action to secure our email environment, and we partnered with cyber incident response professionals to investigate the incident. As part of the investigation, we learned that certain data two (2) employee email accounts may have been accessed or acquired by an unauthorized actor between October 30, 2024 – November 20, 2024. As a result, we underwent a comprehensive data review to determine what information was involved and to whom that information belonged. As a result of this investigation, we recently determined that certain of your personal information was included in the data set.

The breach involved unauthorized access to two employee email accounts, potentially compromising personal information. The affected individuals were those whose data was within the accessed email accounts during the period from October 30, 2024, to November 20, 2024. Affected parties were notified on October 29, 2025.

Next Steps

Affected users are advised to remain vigilant against identity theft and fraud by regularly reviewing their credit reports and account statements for any suspicious activity. It is recommended to report any unusual activity to financial institutions or service providers immediately. Users are encouraged to file a report with law enforcement, their state attorney general, and the Federal Trade Commission if they suspect identity theft. Detailed steps to protect personal information and instructions for enrolling in credit monitoring services are provided in the notification letter.

Identity Theft Protection Services

GMHEC is offering a complimentary 12-month identity theft protection service provided by TransUnion. This includes credit monitoring, identity protection, and access to a dedicated call center for assistance. Affected individuals will receive alerts of changes to their credit file, providing proactive fraud assistance. Instructions to enroll in these services have been shared with the affected parties, ensuring they have the necessary resources to protect their personal information against potential misuse.