From the college’s press release of August 18:
Bunker Hill Community College (“BHCC”) confirmed today that the college experienced a data incident in May 2023 and will issue notices to affected individuals and relevant state and federal agencies about the incident.
On May 23, 2023, BHCC detected irregular activity on certain BHCC systems that was consistent with a ransomware attack. BHCC immediately responded to the situation by taking the affected systems offline, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning an investigation. BHCC personnel were able to stop the unauthorized activity from spreading and contained the incident to a limited number of BHCC systems. BHCC’s backups were not affected by the incident, and BHCC personnel were able to restore BHCC’s network from those backups without any data loss. As a credit to the existing safeguards that BHCC had in place, BHCC personnel successfully and safely restored BHCC’s network, enabling BHCC to continue with its academic calendar without any delay.
Due to the complexity of the unauthorized activity, BHCC’s investigation is still ongoing; however, out of an abundance of caution, BHCC is providing this notice. Based on the information BHCC generally collects and maintains for students, applicants, and personnel, data including names, addresses, dates of birth, social security numbers, education records, and other personal information may potentially be involved. However, BHCC’s investigation is ongoing and specific details as to what categories of information were involved are not yet available. Note that this describes general categories of information collected and maintained by BHCC, and it likely includes categories that are not relevant to each individual. As soon as BHCC is able, individual notification letters will be mailed to affected individuals with further details. If you do not receive a letter, this indicates that your information was not involved in the incident.
Read more of their press release.
BHCC does not disclose whether they received any ransom demand or not and whether they confirmed that data was actually exfiltrated during the attack. DataBreaches sent the college an email inquiry, but no reply was immediately received.