While no evidence yet exists that a misuse of personal data has occurred, Black Hawk College in Illinois, US, has announced notice of a data-related incident that may breach data privacy standards.
The event was experienced by an employee benefits administrator who provides employee benefits programs and administrative services to Black Hawk College.
The institution has said the incident may affect the security of information pertaining to certain current or former employees of Black Hawk College, but not its students. The college has also underlined how it treats the confidentiality, privacy, and security of information as a highest priority, and that the incident is being taken very seriously.
The event is believed to have taken place around January 14, 2021, when a Black Hawk College employee benefits administrator learned of unusual activity within the college network environment. In response, the individual took immediate steps to secure its systems, before beginning an investigation into the activity. Independent cybersecurity experts were brought in to help with the response to, and investigation of, the unusual activity identified.
The investigation, carried out fully on February 9, 2021, it was learned that certain locally-stored files from a segregated file server may have been accessed or acquired without authorization. However, it was also established that processing systems and platforms were not impacted.
On July 8, 2021, it was learned that the potentially impacted data contained information relating to individuals associated with some business partners. An evaluation then took place of the potentially impacted data elements, identities of potentially impacted individuals, and any missing address information for potentially impacted individuals. Associated business partners were then contacted about the incident.
Black Hawk College because aware of the incident on October 11, 2021, since when the college has worked with those involved to identify current mailing addresses in order to notify individuals whose information was identified within the potentially impacted files.
At this time, Black Hawk College has no evidence that any potentially impacted information has been misused. Out of caution, Black Hawk College has requested the provision of notification of the incident to the current or former employees whose names, addresses, social security numbers, and/or medical information may have been involved in the incident.
The incident has also been reported to the Federal Bureau of Investigation.