Our Privacy Incident Response

0:00 / 0:00

A message from our President

An Open Letter to the College of New Caledonia Community

To our CNC community,

At the College of New Caledonia, the trust that our employees and students place in us to safeguard their personal information is something we take extremely seriously. It is with deep respect that I share important information regarding a recent security incident that affected our community.

What Happened?

On March 5, 2025, we were alerted through our IT security systems that an individual had gained limited unauthorized access to certain areas of our computer network. We immediately took steps to contain the situation and engaged leading external cybersecurity experts and legal counsel to investigate the matter fully.

Our systems are secure and thankfully, the incident caused no operational disruption. Our classes continued unaffected throughout.

What Information was involved?

Our investigation revealed that there was limited unauthorized access to personal information, on or before October 31, 2024.

While we have no evidence that any of the personal information was used for any malicious or improper purposes, we are notifying all impacted individuals out of an abundance of caution to provide them information, support and resources.

However, we have notified individuals so that they can take any steps necessary to protect themselves.

Steps We’ve Taken

Please know that we take matters of data security extremely seriously and are committed to the safekeeping of the information we hold on our systems. As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials. We also implemented additional network security monitoring solutions, increased endpoint vulnerability management, enhanced auditing, and enhanced firewall controls.

We notified the RCMP and the BC Privacy Commissioner on July 7, 2025. We are also providing support to those impacted, and some further information is available on this web page to help answer queries or concerns you may have.

Recommended Steps

As mentioned above, our investigation found no evidence that any information was used for malicious or improper purposes. However, it is always good practice to stay vigilant and take steps to look after your personal information, as suggested below.

  1. Be on the look out for signs of identity fraud.
    • Potential signs of identity fraud include suspicious activity on your accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.
  2. Be wary of social engineering attempts.

    To protect yourself against social engineering:
    • Be wary of anyone that contacts you and requests personal information or access credentials from you, even if they appear to know other details about you;
    • Do not respond to email or text messages asking for personal information – few legitimate organizations will ask for personal information by email or text;
    • Be on the lookout for spoofed email address - hover over the e-mail address to see and verify the exact e-mail address (rather than just the name used);
    • Be careful of unsolicited telephone calls which purport to be from a government authority or business;
    • Remain vigilant regarding any suspicious emails that ask you to open attachments or click on links - do not click on links unless you have confirmed they are legitimate;
    • Be suspicious of any requests for changes made to payment instructions and confirm all such changes by phone call to known and trusted numbers; and,
    • If in doubt, send an independent e-mail (i.e., do not click “reply”) to the sender to confirm the contents of the original e-mail, or alternatively, call the sender to confirm they sent the e-mail.

We are sorry for any inconvenience this incident may cause. Transparency, accountability, and the safety of our community are central to who we are. We are committed to strengthening our systems further and maintaining the trust that our students and employees place in CNC.

Should you have additional questions or concerns, please contact 1-833-294-7146. Help is available Monday-Friday, from 8:00 a.m. to 8:00 p.m. EST.

Sincerely,
Cindy Heitman
President
College of New Caledonia

Common Questions

FAQs

  • What happened?

  • Are CNC’s systems safe to use?

  • What action do I need to take? Should I change my password?

  • Have you alerted the relevant authorities?

  • How do I know if my personal information has been impacted in this incident?

  • I received a notification letter… what should I do next?

  • Why are you issuing notifications now rather than when you first found out about the incident?

  • How can I be sure that this won’t happen again?

  • How will this incident impact classes at the College of New Caledonia?

  • How have you been notifying those impacted by the breach?