According to the school, “BHCC immediately responded to the situation by taking the affected systems offline, contacting law enforcement, and engaging data security and privacy experts to conduct an investigation. BHCC personnel were able to stop the unauthorized activity from spreading and contained the Incident to a limited number of BHCC systems.“
Thankfully, the school’s backups were left alone, allowing a full restoration with minimal downtime. While each individual may have had different information exposed, it could have included: name, date of birth, Social Security number, driver’s license number, state identification number, U.S. alien identification number, passport number, financial account number in combination with routing number, credit/debit card number, username and password, medical information, and health insurance information.
In the aftermath, BHCC took swift action to secure its systems. They reset and strengthened passwords and implemented more robust policies in the ensuing months. According to information posted on their website, the school collaborated with leading cybersecurity experts to aid in the investigation and response to the incident.
To further assist those who may have been affected, BHCC is offering free credit monitoring services.
BHCC's rapid action, transparent communication, and commitment to ongoing improvement is what educational institutions facing the growing threat of cyberattacks should strive to emulate.