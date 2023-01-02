Bristol Community College fails in handling of privacy breach
To the editor:
Re: “BCC disrupted by ‘cybersecurity incident’,” front page, Dec. 30:
With respect to the story on the Bristol Community College cybersecurity incident, it is noted the spokesperson interviewed would not elaborate on the nature of the incident.
It is also noted there was no mention of calling in law enforcement and FBI experts for assistance.
There was no mention (in the initial story) or recommendation to users of BCC systems to change every password they have ever used on any platform accessed using the BCC network.
Since BCC will not elaborate on the nature of the incident, it is sound risk management to assume personally-identifiable information such as passwords and Social Security numbers and other sensitive information has been exposed.
Notwithstanding further disclosures by BCC specifying the nature of the incident, BCC users are well-advised to change every password on every platform they have ever accessed while connected to a BCC network, and closely monitor their credit for signs of identity theft.
It would also be sound risk management for BCC to offer free credit monitoring service to all users for at least two years. This is not only industry standard practice, it is also inexpensive and shows good-faith on the part of BCC officials.
Once the incident is resolved, BCC would be well-advised to undergo a rigorous information security audit conducted by outside professionals.
Glenn Hill
Norfolk