Liberty University experienced a data breach through a third-party vendor, Athletic Trainer System (ATS), which exposed sensitive information of 5,434 individuals. The breach occurred due to unauthorized access to two user accounts in February 2020 and October 2020, compromising Social Security Numbers (SSNs)—a high-value target for identity theft. The incident was disclosed to the Maine Office of the Attorney General on April 29, 2024, nearly four years after the initial breach, raising concerns about delayed detection and reporting. Affected individuals were offered identity theft protection services, but the prolonged exposure period increases the risk of fraudulent activity, financial loss, and reputational harm. The breach highlights vulnerabilities in third-party vendor security and the potential long-term consequences of compromised personally identifiable information (PII).
TPRM report: https://www.rankiteo.com/company/liberty-university-school-of-health-sciences
"id": "lib718082025",
"linkid": "liberty-university-school-of-health-sciences",
"type": "Breach",
"date": "2/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5,434 individuals',
'industry': 'Higher Education',
'location': 'Lynchburg, Virginia, USA',
'name': 'Liberty University',
'type': 'Educational Institution'},
{'industry': 'Healthcare/Software Services',
'name': 'Athletic Trainer System (ATS)',
'type': 'Third-Party Vendor'}],
'attack_vector': 'Unauthorized Access (Compromised User Accounts)',
'customer_advisories': 'Identity theft protection services offered to '
'affected individuals',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to '
'accounts)',
'number_of_records_exposed': '5,434',
'personally_identifiable_information': 'Yes (Social Security '
'Numbers)',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Social Security Numbers']},
'date_publicly_disclosed': '2024-04-29',
'description': 'The Maine Office of the Attorney General reported that '
'Liberty University experienced a data breach involving a '
'third-party vendor, Athletic Trainer System (ATS), which '
'potentially affected 5,434 individuals. The breach involved '
'unauthorized access to two user accounts in February 2020 and '
'October 2020, compromising Social Security Numbers. Identity '
'theft protection services were offered to those affected.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive data',
'data_compromised': ['Social Security Numbers'],
'identity_theft_risk': 'High (Social Security Numbers '
'compromised)'},
'initial_access_broker': {'entry_point': 'Compromised user accounts (ATS '
'vendor)',
'high_value_targets': ['Social Security Numbers']},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Maine '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General',
'recovery_measures': 'Identity theft protection services offered '
'to affected individuals'},
'title': 'Liberty University Data Breach via Third-Party Vendor (ATS)',
'type': 'Data Breach'}