More than 170,000 people had their information compromised when hackers gained access to Lansing Community College's systems last year, Security Week reported.

After LCC Data Breach, Expert Warns Cybercriminals Turn Stolen Information Into Scams

More than 170,000 people had their information compromised when hackers gained access to Lansing Community College’s systems, Security Week reported this week. 

In February 2025, LCC found that hackers stole information like names, addresses, driver’s license details and social security numbers, according to Security Week. An LCC spokesperson declined to comment when reached by East Lansing Info, saying the college is contacting those impacted directly. 

This was the second large data breach in four years at LCC, as information stealing has become more common nationally

Hackers commonly target large corporations that are known to have masses of sensitive data. Breaches at smaller institutions, like LCC, are often opportunistic, explained Rachel McNealey, an assistant professor of criminal justice at Michigan State University who researches cybercrimes. 

These opportunistic breaches can occur for many different reasons, from an institution having an unsecure password to using outdated software to an employee leaking information, McNealey said.

“LCC is really the only who knows what they can do to keep this same kind of thing from happening again,” she said. 

People who steal information often sell it in bulk to others who use the information to carry out scams, McNealey said. 

A photo of MSU Criminal Justice Assistant Professor Rachel McNealey. (From MSU)

Stolen information can be used to take harmful actions like applying for loans in other people’s names, McNealey explained. Those who have their information compromised can prevent this by taking advantage of free credit monitoring programs, which LCC is offering to those impacted by the recent breach, or by temporarily freezing their credit. 

More commonly, cybercriminals collect personal information to build detailed profiles of individuals, which they then use to carry out phishing attacks and other scams, McNealey said. People whose information was recently compromised should be especially wary of such schemes.

Phishing scams are a common scheme where people receive seemingly legitimate texts or emails from well-known entities like government agencies or private companies. These messages often ask recipients to click on a harmful link or make a payment. 

In March, Michigan Attorney General Dana Nessel issued a statement warning of a large phishing scam involving fraudulent text messages that urged residents to pay outstanding toll bills.

Previously, phishing schemes could often be easily identified because messages would include typos and incorrect information, McNealey said. However, scammers now use artificial intelligence to write realistic messages, and cybercriminals have gained access to so much information, they are able to craft personalized messages that make the scams seem real, McNealey said. 

The new wave of hyper-targeted phishing scams have become known as “spear phishing” schemes by experts. 

“If you have someone’s address and other personal information about them … you can send them an email that’s highly personalized to them and makes them much more likely to click on a file that you attached or click on a link,” McNealey said. “You can make it incredibly targeted to that person.” 

People are sometimes tricked into downloading files that contain viruses that allow scammers to obtain information from computers like usernames and passwords and even gain access to credit cards and bank accounts, McNealey said. 

To avoid falling victim to a phishing scam, McNealey said to preview links and always check to make sure email handles and phone numbers match the organization that is supposedly sending a message. 

With the increase of information theft and cybercrimes, McNealey said everyone should take basic safety steps like avoiding duplicative passwords and setting up two-factor authentication. 

“If they have a username, password combination, they’ll do what’s called ‘credential stuffing,’” she said. “Knowing that most people use the same password for everything, they’ll just spam the login combination on as many sites as possible and see if they can get in.

“If you use the same password between, like your bank and your throwaway Reddit account, you don’t care about the Reddit account. But [scammers] can use that to log in to your bank account, if you use the same password.” 

Data breaches have become so common that many people assume it is only a matter of time before their personal information is compromised. It remains critical to take precautions to prevent stolen data from being used to access bank accounts or other sensitive systems, McNealey said.

“It’s just staying vigilant, which is so hard and frankly annoying,” she said.