The Fort Hays State University Foundation experienced a data breach linked to a third-party vendor, Blackbaud, which was initially disclosed in 2020 but expanded in April 2021. The incident exposed the personal information of 32 Maine residents, including names and Social Security numbers (SSNs). The compromised data poses a significant risk of identity theft and financial fraud, as SSNs are highly sensitive identifiers often exploited for malicious purposes. In response, the foundation offered complimentary credit monitoring services to affected individuals to mitigate potential harm. The breach stems from a cybersecurity incident at Blackbaud, a cloud computing provider serving nonprofits, educational institutions, and other organizations. While the foundation did not disclose the exact method of the attack, the exposure of SSNs elevates the severity due to the long-term repercussions for victims, including potential unauthorized credit applications, tax fraud, or other forms of identity misuse. The incident underscores vulnerabilities in third-party vendor security and the cascading risks when such providers are compromised.
TPRM report: https://www.rankiteo.com/company/fhsu-foundation
"id": "fhs032091825",
"linkid": "fhsu-foundation",
"type": "Breach",
"date": "6/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '32 (Maine residents)',
'industry': 'Education',
'location': 'Hays, Kansas, USA (with affected '
'residents in Maine)',
'name': 'Fort Hays State University Foundation',
'type': 'Educational Institution (Foundation)'},
{'industry': 'Cloud Computing / Nonprofit Software',
'name': 'Blackbaud',
'type': 'Third-Party Vendor'}],
'customer_advisories': 'Complimentary credit monitoring services offered to '
'affected individuals',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '32 (Maine residents, part of a '
'larger breach)',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2021-04-16',
'description': "The Maine Attorney General's Office reported on April 16, "
'2021, that Fort Hays State University Foundation identified '
'an additional 30 Maine residents affected by the Blackbaud '
'vendor incident, bringing the total number of notified '
'residents to 32. The compromised information included names '
'and Social Security numbers, and the foundation is offering '
'complimentary credit monitoring services to the affected '
'individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive personal data',
'data_compromised': ['Names', 'Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs)'},
'references': [{'date_accessed': '2021-04-16',
'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's Office"},
'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
"General's Office",
'remediation_measures': 'Complimentary credit monitoring '
'services offered to affected '
'individuals'},
'title': 'Blackbaud Data Breach Affecting Fort Hays State University '
'Foundation',
'type': 'Data Breach (Third-Party Vendor Incident)'}