Photo Courtesy of Connecticut College
On Feb 7th, the College came out with a press release reporting a data breach incident that took place in March 2023. As of right now, the press release reported that there is “no evidence that any personal information has been or will be misused as a direct result of this incident.” The release also noted that the College is currently “undertaking a thorough forensic investigation that includes leading cybersecurity experts to address a data security incident in which an unauthorized party accessed and/or acquired certain files maintained on the College’s computer systems.” Data that was included in this breach were social security numbers, along with credit and medical information. In an email to the campus community, President Les Wong apologized to the campus on behalf of the College about the data breach.
When asked about why the College waited a year to report the breach, Matt Gardzina, the Vice President of Information Services and Librarian of the College, wrote that “the investigation of the data security incident is ongoing and has required extensive manual (human) document review and assistance from third-party vendors to determine who and what information was impacted and to what extent. The College took a transparent and proactive step by notifying impacted individuals as soon as feasible/practicable during an ongoing investigation.” To support those whose information was involved in the breach, a response line, run by Electronic Privacy Information Center (EPIC), is available for people to ask further questions and get additional information about recommended next steps.
Soon after the press release, students noticed pop ads on Instagram from a law firm called Mason LLP, stating “students could be compensated.” When clicking on the link, students are directed to the law firm’s website stating that Mason LLP is “a civil litigation firm representing plaintiffs who have been injured or harmed by corporate misconduct.” With a lot of questions left unanswered, students, alumni, and even people who once visited the College are worried about the security of their data. When asked about how many people were impacted by the breach, Gardzina wrote that “there were a limited number of impacted individuals. The College can not provide any specific numbers as there is an ongoing investigation.” One senior who wished to be anonymous reported that she got a letter sent to her home address informing her of the data breach. She also reported that she works in the Admissions Office and has already picked up two phone calls from people who are not affiliated with the College and are worried that their data has been breached. “One called stating that he performed at the College in 2021 and somehow the College got his information and said that it was very scary and asked if this was a scam,” said the anonymous source.
When asked about steps that the College is taking to prevent future breaches, Gardzina wrote, “The College continues to implement a number of security improvements to safeguard sensitive information. In the near future, Information Services will be launching a campus-wide information security initiative to further protect our information. This may involve updating our password policy, expanding the use of Duo [Duo Security] for 2-factor authentication, and strengthening required training for those with access to sensitive information.” Overall, only time will tell more information about the reasons behind the breach and how many people were and continue to be affected.
