Arizona State University inadvertently exposed the email addresses of 1000 students in what is considered a breach of federal health privacy law.
The university notified 4,000 students on August 2019 that their email addresses were accidentally revealed.
In the breach, an ASU office sent bulk emails about health insurance renewal to students without masking the identity of recipients.
The unintended action was a breach of the Health Insurance Portability and Accountability Act. No protected health information was released aside from the student email addresses, the organization stated.
TPRM report: https://scoringcyber.rankiteo.com/company/arizona-state-university
"id": "ari03710423",
"linkid": "arizona-state-university",
"type": "Breach",
"date": "08/2019",
"severity": "25",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 1000,
'industry': 'Education',
'location': 'Arizona, USA',
'name': 'Arizona State University',
'type': 'Educational Institution'}],
'attack_vector': 'Email',
'data_breach': {'number_of_records_exposed': 1000,
'sensitivity_of_data': 'Low',
'type_of_data_compromised': 'Email Addresses'},
'date_detected': 'August 2019',
'date_publicly_disclosed': 'August 2019',
'description': 'Arizona State University inadvertently exposed the email '
'addresses of 1000 students in what is considered a breach of '
'federal health privacy law.',
'impact': {'data_compromised': 'Email Addresses'},
'regulatory_compliance': {'regulations_violated': 'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA)'},
'title': 'Arizona State University Email Address Exposure',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Email Handling'}