The organization detected suspicious network activity on March 21, 2025, prompting an immediate shutdown of its systems to contain the threat. Working alongside cybersecurity specialists, NCCER spent over a year investigating the extent of the unauthorized access. The internal review, concluded on April 12, 2026, revealed that attackers successfully removed files containing a broad spectrum of sensitive data. Compromised records include passport numbers, driver’s licenses, military identification, alien registration numbers, and financial account details, alongside fingerprint data.

Despite the severity of the exposure, NCCER claims it has no evidence that the stolen information has been used for fraud or identity theft. Notification efforts began on April 27, 2026, with Florida residents receiving updates via U.S. mail throughout May. Those individuals whose Social Security numbers were included in the stolen files have been offered complimentary credit monitoring and identity protection services.