News

Drivestream data breach impacts St. Olaf employees

Joel Tauro, Contributing Writer • February 18, 2026

Entrance to the IT Desk.

On Dec. 9, 2024, Drivestream Inc. — a technology services firm that St. Olaf utilizes — noticed suspicious activity at one of its centers that was migrating St. Olaf’s employee data to a new Human Capital Management system. After launching an investigation, Drivestream determined that between Dec. 4, 2024 and Dec. 9, 2024, an unauthorized actor accessed certain systems that contained financial account information along with the person’s name and downloaded certain files from those systems.

The system that was accessed was a secure file transfer service that Divestream’s customers

used to transmit data. At the time of the unauthorized access, spreadsheets containing

information about St. Olaf employees and their dependents, as well as spreadsheets containing Social Security numbers, were present in the system.

Story continues below advertisement

“When St. Olaf was made aware, impacted individuals received further information from the college on next steps they could take to protect their information,” Chief Information Officer for Libraries and IT Roberta Lembke wrote in an email interview with The Olaf Messenger. “At St. Olaf, we strive to inform and educate our campus on how to protect their information and we are committed to supporting our community.”

Due to the company’s logging of its internal systems, the specific data that was accessed and downloaded remains unknown. St. Olaf was also just one of the many Drivestream customers affected by the breach.

Drivestream was supporting St. Olaf during the data migration to the Ole Information System for

Human Resources and Finance, and informed the College of this intrusion on Oct. 10, 2025. This was after their personal investigation had concluded, which allowed them to confirm the nature and scope of what had happened, confirm the security of their systems, review the contents of the data that had been accessed for sensitive information, and notify the impacted individuals associated with the breach.

The company noted that there was no evidence of any identity theft or fraud occurring in connection with the incident. They reported the breach to law enforcement and notified the applicable regulatory authorities.

Letters were sent by the company to specific college members — students and staff alike — whose information was present on the system. These letters reported the events that unfolded, the actions taken by the company in response, as well as 12 months of complimentary access to credit monitoring and identity theft protection services through Epiq Privacy Solutions ID. The cost of the service is being covered by Drivestream, but individuals do need to complete the enrollment process themselves due to privacy restrictions.

Members of the community affected by the breach should remain vigilant against incidents of

identity theft and fraud by reviewing account statements and monitoring credit reports. Anyone

with additional questions should reach out to Drivestream Inc. directly.

Donate to The Olaf Messenger

$660

$1000

Contributed

Our Goal

Thank you for donating to The Olaf Messenger! Your donation will support the student journalists of St. Olaf College. Your contribution will allow us to purchase equipment, cover our annual website hosting costs, and print more physical copies for the campus community.

About the Contributor

Jade Jimenez, Illustrator

Jade Jimenez is a sophomore from the Houston, Texas! In her spare time, Jade loves going to art galleries, creating art, and writing letters. After college, she hopes to become an English and Visual Arts teacher, trilingual, and possibly do grad school or get a PhD. One day, she hopes to sell her artworks and create her own comic.