Cerebral Palsy Research Foundation of Kansas notified 8,300 clients after discovering data had been exposed for 10 months
The CPRF team became aware that a previously used database containing client data was vulnerable for a period of 10 months.
CPRF immediately re-secured the information and began the investigation and identification process.
The database was not identified during a recent change in servers at CPRF, which temporarily exposed the information before it was re-secured.
The information compromised includes personal identifiable information and personal health information regarding the type of disability.
</p><p>Source: <a href="https://www.databreaches.net/cerebral-palsy-research-foundation-of-kansas-notifying-8300-clients-after-discovering-data-had-been-exposed-for-10-months/">https://www.databreaches.net/cerebral-palsy-research-foundation-of-kansas-notifying-8300-clients-after-discovering-data-had-been-exposed-for-10-months/</a></p><p>TPRM report: <a href="https://scoringcyber.rankiteo.com/company/cerebral-palsy-foundation">https://scoringcyber.rankiteo.com/company/cerebral-palsy-foundation</a></p>
"id": "cer2324722",
"linkid": "cerebral-palsy-foundation",
"type": "Data Leak",
"date": "05/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 8300,
'industry': 'Healthcare',
'location': 'Kansas',
'name': 'Cerebral Palsy Research Foundation of Kansas',
'type': 'Non-profit Organization'}],
'data_breach': {'number_of_records_exposed': 8300,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['personal identifiable '
'information',
'personal health information']},
'description': 'Cerebral Palsy Research Foundation of Kansas notified 8,300 '
'clients after discovering data had been exposed for 10 '
'months. The CPRF team became aware that a previously used '
'database containing client data was vulnerable for a period '
'of 10 months. CPRF immediately re-secured the information and '
'began the investigation and identification process. The '
'database was not identified during a recent change in servers '
'at CPRF, which temporarily exposed the information before it '
'was re-secured. The information compromised includes personal '
'identifiable information and personal health information '
'regarding the type of disability.',
'impact': {'data_compromised': ['personal identifiable information',
'personal health information regarding the '
'type of disability']},
'post_incident_analysis': {'root_causes': ['change in servers']},
'response': {'remediation_measures': ['re-secured the information']},
'title': 'Data Exposure at Cerebral Palsy Research Foundation of Kansas',
'type': 'Data Exposure'}