Our Privacy Incident Response

Drag

0:00 / 0:00

A message from our President

An Open Letter to the College of New Caledonia Community

To our CNC community,

At the College of New Caledonia, the trust that our employees and students place in us to safeguard their personal information is something we take extremely seriously. It is with deep respect that I share important information regarding a recent security incident that affected our community.

What Happened?

On March 5, 2025, we were alerted through our IT security systems that an individual had gained limited unauthorized access to certain areas of our computer network. We immediately took steps to contain the situation and engaged leading external cybersecurity experts and legal counsel to investigate the matter fully.

Our systems are secure and thankfully, the incident caused no operational disruption. Our classes continued unaffected throughout.

What Information was involved?

Our investigation revealed that there was limited unauthorized access to personal information, on or before October 31, 2024.

While we have no evidence that any of the personal information was used for any malicious or improper purposes, we are notifying all impacted individuals out of an abundance of caution to provide them information, support and resources.

However, we have notified individuals so that they can take any steps necessary to protect themselves.

Steps We’ve Taken

Please know that we take matters of data security extremely seriously and are committed to the safekeeping of the information we hold on our systems. As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials. We also implemented additional network security monitoring solutions, increased endpoint vulnerability management, enhanced auditing, and enhanced firewall controls.

We notified the RCMP and the BC Privacy Commissioner on July 7, 2025. We are also providing support to those impacted, and some further information is available on this web page to help answer queries or concerns you may have.

Recommended Steps

As mentioned above, our investigation found no evidence that any information was used for malicious or improper purposes. However, it is always good practice to stay vigilant and take steps to look after your personal information, as suggested below.

Be on the look out for signs of identity fraud.
- Potential signs of identity fraud include suspicious activity on your accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.
Be wary of social engineering attempts.

To protect yourself against social engineering:
- Be wary of anyone that contacts you and requests personal information or access credentials from you, even if they appear to know other details about you;
- Do not respond to email or text messages asking for personal information – few legitimate organizations will ask for personal information by email or text;
- Be on the lookout for spoofed email address - hover over the e-mail address to see and verify the exact e-mail address (rather than just the name used);
- Be careful of unsolicited telephone calls which purport to be from a government authority or business;
- Remain vigilant regarding any suspicious emails that ask you to open attachments or click on links - do not click on links unless you have confirmed they are legitimate;
- Be suspicious of any requests for changes made to payment instructions and confirm all such changes by phone call to known and trusted numbers; and,
- If in doubt, send an independent e-mail (i.e., do not click “reply”) to the sender to confirm the contents of the original e-mail, or alternatively, call the sender to confirm they sent the e-mail.

We are sorry for any inconvenience this incident may cause. Transparency, accountability, and the safety of our community are central to who we are. We are committed to strengthening our systems further and maintaining the trust that our students and employees place in CNC.

Should you have additional questions or concerns, please contact 1-833-294-7146. Help is available Monday-Friday, from 8:00 a.m. to 8:00 p.m. EST.

Sincerely,
Cindy Heitman
President
College of New Caledonia

Common Questions

Expand all

FAQs

What happened?

On March 5, 2025, we learned that an unauthorized individual gained limited access to our online systems. We took immediate steps to respond and engaged cybersecurity experts to help us investigate the cause and scope of the incident.

We took immediate steps to contain and respond to the unauthorized access. This included retaining external security experts, taking systems offline, resetting all user accounts, and changing all passwords and credentials.

We are confident that our systems are now safe and secure to use once again. The unauthorized access caused no operational disruption to our college or classes.
Are CNC’s systems safe to use?

Yes. We are confident that our systems are secure and are safe for use by all students and employees.
What action do I need to take? Should I change my password?

No action is required by you at this time. We are confident that our systems are secure and safe for use by all students and employees.

If you are an individual who has had your personal information impacted, you will have received a notification letter from us, which details our recommended steps.
Have you alerted the relevant authorities?

We have notified relevant authorities and regulators and have referred the matter to law enforcement.
How do I know if my personal information has been impacted in this incident?

If you are an employee or student of CNC and were impacted by this incident, you will have received a notification letter from us.

For our wider community, we are sharing further details of the incident here on this webpage in the interest of transparency.

It is always good practice to remain vigilant for any potential signs of identity fraud such as suspicious activity on your accounts, unauthorized redirection of mail, unauthorized porting of your mobile phone, or receiving goods or services that you did not order.
I received a notification letter… what should I do next?

Please follow the guidance in the letter. It sets out the support that we are offering to you.
Why are you issuing notifications now rather than when you first found out about the incident?

As soon as we learned of the incident, we immediately engaged a team of security experts to ensure our network and systems were fully secured. We took systems offline, reset all user accounts, and changed all passwords and credentials. We launched a full investigation with the help of external cybersecurity experts.

We also implemented additional network security monitoring solutions, increased endpoint vulnerability management, enhanced auditing, and enhanced firewall controls. CNC continues to prioritize information security through continuous improvement to identity and access management, privileged access management and robust cybersecurity solutions.

We wanted to wait until our investigation was complete to ensure that our information related to the breach is comprehensive and accurate.
How can I be sure that this won’t happen again?

As mentioned, we took immediate steps to contain and respond to the incident. This included retaining external security experts, taking systems offline, resetting all user accounts, and changing all passwords and credentials.

We launched a full investigation into the cause and scope of the incident with support from external cybersecurity experts. Our investigation has concluded and we have implemented further security measures to ensure that this doesn’t happen again.
How will this incident impact classes at the College of New Caledonia?

The unauthorized access caused no operational disruption. Our classes have remained unaffected throughout this time.

We are confident that our systems are safe and secure to use. Classes will continue without interruption moving forward.
How have you been notifying those impacted by the breach?

We sent emails or letters to individuals who have had their personal information impacted by this incident. We have also included details about this incident on our website. For avoidance of any doubt, all email notifications will be sent from cnc@cyberscout.com.

Contact Us

Tel: +1-833-294-7146 breachsupport@cnc.bc.ca

Monday-Friday, from 8:00 a.m. to 8:00 p.m. EST.

Areas of Study

Campuses

Services at Prince George Campus

Services at Burns Lake Campus

Services at Fort St. James Campus

Services at Mackenzie Campus

Services at Quesnel Campus

Services at Vanderhoof Campus

Prince George

Burns Lake

Fort St. James

Mackenzie

Quesnel

Vanderhoof

Governance

Initiatives & Reports

Our Privacy Incident Response

A message from our President

An Open Letter to the College of New Caledonia Community

What Happened?

What Information was involved?

Steps We’ve Taken

Recommended Steps

Common Questions

FAQs

What happened?

Are CNC’s systems safe to use?

What action do I need to take? Should I change my password?

Have you alerted the relevant authorities?

How do I know if my personal information has been impacted in this incident?

I received a notification letter… what should I do next?

Why are you issuing notifications now rather than when you first found out about the incident?

How can I be sure that this won’t happen again?

How will this incident impact classes at the College of New Caledonia?

How have you been notifying those impacted by the breach?

Contact Us

Prince George Campus

Information for

Popular Links

Get in Touch