On November 15, 2016, Claremont University Consortium experienced a data breach when a laptop containing sensitive personal information including names and Social Security numbers was stolen from an employee’s locked vehicle. The incident was reported to the California Office of the Attorney General on December 22, 2016. The breach involved unauthorized access to confidential data, though the exact number of affected individuals remains undisclosed. The stolen device contained personally identifiable information (PII), raising concerns about potential identity theft or fraud. The breach highlights vulnerabilities in physical security measures for storing sensitive data, particularly when devices are left in vehicles, even if locked. While no immediate evidence of data misuse was reported, the exposure of Social Security numbers poses long-term risks for those impacted, including financial fraud or unauthorized account access. The incident underscores the need for stricter data protection protocols, such as encryption and secure storage practices, to mitigate similar risks in the future.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-65602
TPRM report: https://www.rankiteo.com/company/cgu-icdc
"id": "cgu1059090725",
"linkid": "cgu-icdc",
"type": "Breach",
"date": "11/2016",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Higher Education',
'location': 'Claremont, California, USA',
'name': 'Claremont University Consortium',
'type': 'Educational Institution'}],
'attack_vector': 'Theft of Physical Device (Laptop)',
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (SSNs included)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2016-11-15',
'date_publicly_disclosed': '2016-12-22',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Claremont University Consortium on December '
'22, 2016. The breach occurred on November 15, 2016, when a '
'laptop containing confidential information, including names '
"and Social Security numbers, was stolen from an employee's "
'locked vehicle. The number of individuals affected is '
'unknown.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['Laptop']},
'post_incident_analysis': {'root_causes': 'Theft of unsecured laptop '
'containing sensitive data'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Claremont University Consortium (2016)',
'type': 'Data Breach (Physical Theft)'}