Catholic Diocese of Cleveland

On April 29, 2024, the Vermont Office of the Attorney General disclosed a data breach affecting the Catholic Diocese of Cleveland. The incident occurred between December 14, 2023, and January 12, 2024, when unauthorized actors gained access to an employee’s business email account. The breach may have exposed personal information, including names, though the exact number of impacted individuals remains undetermined. The compromised email account suggests potential risks of phishing or credential theft, leading to unauthorized data access. While the full scope of the breach is still under investigation, the exposure of employee-related communications raises concerns about internal data security protocols and the possibility of further exploitation of sensitive information. The Diocese has not confirmed whether additional details such as financial records, contact information, or other personally identifiable data were accessed, but the incident underscores vulnerabilities in email security and employee account protection.

Source: https://ago.vermont.gov/document/2024-04-29-catholic-diocese-cleveland-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/diocese-of-cleveland

"id": "dio020091825",
"linkid": "diocese-of-cleveland",
"type": "Breach",
"date": "12/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Non-Profit / Religious',
                        'location': 'Cleveland, Ohio, USA',
                        'name': 'Catholic Diocese of Cleveland',
                        'type': 'Religious Organization'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['Personal Information (Names)']},
 'date_detected': '2024-01-12',
 'date_publicly_disclosed': '2024-04-29',
 'description': 'On April 29, 2024, the Vermont Office of the Attorney General '
                'reported a data breach involving the Catholic Diocese of '
                'Cleveland. The breach occurred between December 14, 2023, and '
                "January 12, 2024, when unauthorized access to an employee's "
                'business email account was detected, possibly affecting '
                'personal information including names. The specific number of '
                'individuals affected is currently unknown.',
 'impact': {'data_compromised': ['Names'],
            'identity_theft_risk': 'Potential',
            'systems_affected': ['Employee Business Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'investigation_status': 'Ongoing (Number of affected individuals unknown)',
 'references': [{'date_accessed': '2024-04-29',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'Data Breach at Catholic Diocese of Cleveland',
 'type': 'Data Breach'}

Catholic Diocese of Cleveland

Alfa Bank and Ministry of Defense: Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead

Coupang: Nomura downgrades Coupang to 'neutral' on data breach, regulatory risks

Dartmouth College, Harvard University, Princeton University, Columbia University and Clemson University: Why Cyberattacks in Higher Ed Keep Proliferating