National Center for Construction Education & Research (NCCER) disclosed a data breach after cybercriminals gained unauthorized access to its network and exfiltrated sensitive files. The incident exposed personal information, including Social Security numbers, and impacted individuals across multiple states.
National Center for Construction Education & Research’s Data Breach Investigation
National Center for Construction Education & Research (“NCCER”) recently disclosed a cybersecurity incident involving unauthorized access to its internal network. NCCER is a Florida-based nonprofit organization that provides standardized training, assessments, and credentialing programs for workers in the construction industry. According to the company’s notice filed with the Maine Attorney General, the organization became aware of suspicious activity on March 21, 2025.
After discovering the incident, NCCER reportedly took immediate steps to investigate and contain the breach. The organization temporarily took systems offline while it worked with outside legal counsel and cybersecurity forensic specialists to determine the nature and scope of the attack. Investigators later concluded that cybercriminals had successfully exfiltrated files from NCCER’s network without authorization. The threat actor identified in the filing was the Quilin ransomware group.
As part of the response process, NCCER launched a detailed review to determine what information may have been exposed and which individuals were affected. The organization engaged a data review team around June 20, 2025, to analyze the compromised files and identify impacted consumers. According to the filing, the data mining review process continued through March 2026 due to the volume and complexity of the materials involved.
NCCER also conducted a supplemental review to classify data subjects and verify the identities of affected individuals before issuing notifications. That review reportedly concluded around April 12, 2026. The organization then performed an address verification process to ensure notices could be mailed directly to impacted individuals.
The company began notifying affected individuals on a rolling basis starting April 27, 2026. Maine residents received written notification letters on May 1, May 15, and May 21, 2026. According to the notice, at least twenty-four Maine residents were affected by the breach.
The breach notification letter explained that the attackers may have acquired sensitive personal data belonging to affected individuals. NCCER stated that, at the time notices were sent, there was no evidence indicating misuse of the exposed information for identity theft or fraud. However, the organization acknowledged that personal information had been accessed by unauthorized actors.
The incident is particularly concerning because the compromised information included Social Security numbers. Exposure of Social Security numbers can create long-term risks for affected individuals, including identity theft, fraudulent tax filings, unauthorized financial activity, and credit fraud. Cybercriminals frequently target this type of information because it can be used to open accounts, apply for loans, or commit other forms of financial fraud in another person’s name.
In response to the incident, NCCER stated that it implemented additional security measures, reset account passwords, and worked to strengthen its systems against future attacks. The organization also reported the matter to federal law enforcement authorities.
To assist affected individuals, NCCER is offering twelve months of complimentary credit monitoring and identity protection services through Cyberscout, a TransUnion company. The services include single-bureau credit monitoring, dark web monitoring, identity theft recovery assistance, and access to a professional call center for fraud support services.
Data breaches involving Social Security numbers can leave victims vulnerable long after the initial cyberattack. Even if fraud is not immediately detected, stolen personal information may later appear for sale on dark web marketplaces or be used in future scams. Consumers impacted by breaches often face ongoing concerns about financial security, identity misuse, and privacy violations.
As data breach lawsuits continue to increase nationwide, organizations that collect and store sensitive consumer information may face legal scrutiny regarding whether reasonable cybersecurity safeguards were in place before an attack occurred. Individuals affected by the NCCER breach may wish to learn more about their legal rights and whether compensation could be available for damages related to the exposure of their personal information.
When Did This Breach Occur?
NCCER became aware of unauthorized activity on its network on March 21, 2025. The organization later determined that files had been exfiltrated during the cyberattack.
The company’s data review process began around June 20, 2025, and concluded in March 2026, with supplemental review completed around April 12, 2026. Affected individuals began receiving notification letters starting on April 27, 2026, with Maine residents notified on May 1, May 15, and May 21, 2026.
What Information Was Breached?
According to NCCER’s notice, the following types of personal information were potentially exposed in the data breach:
- Full names
- Social Security numbers
- Other personally identifiable information contained in compromised files
What You Can Do
If you received a data breach notification from NCCER, there are several important steps you may consider taking to help protect yourself from identity theft and fraud.
First, monitor your financial accounts, credit reports, and insurance statements for suspicious activity. Unauthorized transactions or unfamiliar accounts could indicate misuse of your information. You may also consider placing a fraud alert or security freeze on your credit files with the major credit reporting agencies.
NCCER is offering complimentary credit monitoring and identity protection services through Cyberscout. Individuals who received notification letters should review enrollment instructions carefully and activate the services before the deadline listed in the notice.
It is also important to remain cautious of phishing emails, phone scams, or suspicious messages that reference the breach. Cybercriminals often use publicly reported incidents to target affected consumers with fraudulent communications designed to steal additional information.
Many people affected by data breaches do not realize they may have legal rights. Data breach lawsuits can help consumers pursue compensation for damages related to identity theft risks, financial harm, lost time, and privacy concerns. Learning about your legal options may help you better understand what protections and remedies may be available.
File a Data Breach Lawsuit Against National Center for Construction Education & Research
If you received a data breach notification from National Center for Construction Education & Research, you may be eligible to pursue compensation through a data breach lawsuit.
Companies and organizations that collect sensitive personal information may have a responsibility to implement reasonable cybersecurity protections to safeguard consumer data. When Social Security numbers and other sensitive information are exposed in a cyberattack, affected individuals can face serious risks involving fraud, identity theft, and long-term financial harm.
A class action lawsuit may help impacted individuals recover compensation for out-of-pocket expenses, lost time, identity protection costs, and other damages associated with the breach. In some cases, lawsuits may also encourage organizations to strengthen their cybersecurity practices to better protect consumer information in the future.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
