The Island Institute, a Maine-based organization, experienced a data breach reported on September 28, 2020, after unauthorized actors gained access to its systems between May 16, 2020, and June 15, 2020. The incident, triggered by a phishing attack, compromised the personal information of 450 Maine residents, including highly sensitive data such as names, Social Security numbers, and financial account details. The breach exposed individuals to risks of identity theft, financial fraud, and long-term reputational harm. Given the nature of the stolen data particularly Social Security numbers and financial records the affected residents face heightened vulnerabilities to malicious activities like loan fraud, tax fraud, or unauthorized account access. The Island Institute, as a nonprofit focused on coastal community sustainability, also suffered potential erosion of trust among stakeholders, donors, and the broader public. While the breach did not involve ransomware or a systemic shutdown, the leak of financial and personally identifiable information (PII) of customers aligns with severe data protection failures, necessitating regulatory scrutiny, remediation efforts, and likely legal repercussions under state and federal data privacy laws.
TPRM report: https://www.rankiteo.com/company/island-institute
"id": "isl042091825",
"linkid": "island-institute",
"type": "Breach",
"date": "5/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 450,
'industry': 'Community Development / Environmental '
'Conservation',
'location': 'Maine, USA',
'name': 'Island Institute',
'type': 'Non-profit Organization'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 450,
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_publicly_disclosed': '2020-09-28',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving the Island Institute. Unauthorized access '
'occurred between May 16, 2020, and June 15, 2020, '
'compromising personal information of 450 Maine residents, '
'including names, Social Security numbers, and financial '
'account details, due to a phishing incident.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'financial account details'],
'identity_theft_risk': 'High (SSNs and financial details exposed)',
'payment_information_risk': 'High (financial account details '
'exposed)'},
'initial_access_broker': {'entry_point': 'Phishing'},
'post_incident_analysis': {'root_causes': 'Successful phishing attack leading '
'to unauthorized access'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': 'Data Breach at Island Institute Affecting 450 Maine Residents',
'type': 'Data Breach'}