Friday, Massachusetts Bay Community College in Wellesley sent out letters to roughly 2,000 employees, past and present, informing them there was a security breach in the college's personnel software. It was an internal breach, meaning that some employees, past and present, has access to personal information, including social security numbers.
On Monday, the College, which has a , held a Town Meeting for employees, past and present, who were entered into the college's PeopleSoft system, to explain how about 400 employees had access to the 2,000 employees' personal information, including street addresses and social security numbers.
In late October, an employee at the college realized she could see other employees' personal information. She immediately reported the issue to the college, said Jeremy Solomon, assistant vice president for communications at the college.
Solomon said the college took immediate and swift steps to fix the problem. He said the college notified the Massachusetts Attorney General's office, the state's consumer affairs bureau, removed all personal information from that database, substantially lowered the number of employees who could view personal information at the college, sent a letter to every current and past employee in the database since it was established in 2002 and held a Town meeting for those affected to ask questions.
"We are taking this situation very seriously. We believe we have taken all the appropriate steps, so this type of security breach will never happen again," said Solomon
"As a college, we are relived that this is not a situation than an outside party hacked into our system. It is a failure of our internal controls," said Solomon. "Of the roughly 400 individuals, who might have had access; we strongly belief very few knew they had the ability to see personal information so the exposure was quite limited in scope."
Solomon said there is "no evidence that anyone has taken the data for any criminal activity."
"We are encouraging employees to be diligent and monitor their credit reports," said Solomon.
"The scope of the breach is much larger than what we had thought in october," said Solomon, who added the college has purchased a human resources software program to better control data, and installed a new auditing feature to allow the college to track any requests for personal information.