May 2023 Data Security Incident Public Notice
Friday, August 18, 2023
Bunker Hill Community College (“BHCC”) confirmed today that the college experienced a data incident in May 2023 and will issue notices to affected individuals and relevant state and federal agencies about the incident.
On May 23, 2023, BHCC detected irregular activity on certain BHCC systems that was consistent with a ransomware attack. BHCC immediately responded to the situation by taking the affected systems offline, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning an investigation. BHCC personnel were able to stop the unauthorized activity from spreading and contained the incident to a limited number of BHCC systems. BHCC’s backups were not affected by the incident, and BHCC personnel were able to restore BHCC’s network from those backups without any data loss. As a credit to the existing safeguards that BHCC had in place, BHCC personnel successfully and safely restored BHCC’s network, enabling BHCC to continue with its academic calendar without any delay.
Due to the complexity of the unauthorized activity, BHCC’s investigation is still ongoing; however, out of an abundance of caution, BHCC is providing this notice. Based on the information BHCC generally collects and maintains for students, applicants, and personnel, data including names, addresses, dates of birth, social security numbers, education records, and other personal information may potentially be involved. However, BHCC’s investigation is ongoing and specific details as to what categories of information were involved are not yet available. Note that this describes general categories of information collected and maintained by BHCC, and it likely includes categories that are not relevant to each individual. As soon as BHCC is able, individual notification letters will be mailed to affected individuals with further details. If you do not receive a letter, this indicates that your information was not involved in the incident.
Upon becoming aware of the unauthorized activity, BHCC immediately implemented measures to further improve the security of BHCC’s information technology systems and practices, including the implementation of new network security tools and new network access policies. BHCC worked with leading cybersecurity experts to aid in their investigation and response, and BHCC reported this incident to relevant government agencies and law enforcement.
The investigation is ongoing and the identities of individuals who were individually affected, if any, is not yet known. However, BHCC encourages individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three (3) major credit reporting bureaus. Additional information and resources are outlined below.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one (1) year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If consumers are the victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven (7) years. Should consumers wish to place a fraud alert, please contact any of the three (3) major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “security freeze” on a credit report (also called a “credit freeze”), free of charge, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in a consumer’s name without consent. However, consumers should be aware that using a security freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application they make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, consumers cannot be charged to place or lift a security freeze on their credit report.
Should consumers wish to place a security freeze or fraud alert, please contact the three major credit reporting bureaus listed below:
- Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069
- Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788
- Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013
- Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013
- TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
- TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094
Consumers may obtain additional information regarding identity theft, fraud alerts, security freezes, and the steps they can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or their state attorney general. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Consumers can obtain further information on how to file such a complaint by way of the contact information listed above. Consumers have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, consumers will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and the relevant state attorney general.
BHCC Contact: firstname.lastname@example.org