On May 13, 2016, the California Office of the Attorney General disclosed a data breach at City College of San Francisco (CCSF). The incident originated from an employee falling victim to a phishing scam, inadvertently compromising sensitive student information. The exposed data may have included names, addresses, and Social Security numbers (SSNs), though the exact number of affected individuals remains undetermined. The breach highlights vulnerabilities in employee cybersecurity awareness, as the phishing attack successfully bypassed institutional safeguards. While the full scope of the damage, such as potential identity theft or financial fraud, is unclear, the exposure of personally identifiable information (PII) poses significant risks to the affected students. The college likely faced reputational harm and potential legal repercussions under data protection regulations. No evidence suggests ransomware or a broader systemic attack, but the incident underscores the critical need for robust phishing prevention training and incident response protocols in educational institutions handling sensitive data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-61821
TPRM report: https://www.rankiteo.com/company/mendocino-college-cp
"id": "men029091825",
"linkid": "mendocino-college-cp",
"type": "Breach",
"date": "4/2016",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': 'Unknown (Students)',
            'industry': 'Higher Education',
            'location': 'San Francisco, California, USA',
            'name': 'City College of San Francisco',
            'type': 'Educational Institution'
        }
    ],
    'attack_vector': 'Phishing',
    'data_breach': {
        'number_of_records_exposed': 'Unknown',
        'personally_identifiable_information': ['Names', 'Addresses', 'Social Security Numbers'],
        'sensitivity_of_data': 'High',
        'type_of_data_compromised': ['Personally Identifiable Information (PII)']
    },
    'date_detected': '2016-05-13',
    'date_publicly_disclosed': '2016-05-13',
    'description': 'The California Office of the Attorney General reported a data breach at City College of San Francisco on May 13, 2016. The breach involved an employee responding to a phishing email, compromising student information potentially including names, addresses, and Social Security numbers; the number of affected individuals is currently unknown.',
    'impact': {
        'data_compromised': ['Names', 'Addresses', 'Social Security Numbers'],
        'identity_theft_risk': 'High (PII exposed)'
    },
    'initial_access_broker': {'entry_point': 'Phishing Email'},
    'post_incident_analysis': {
        'root_causes': 'Employee fell for phishing scam, leading to unauthorized access to sensitive student data.'
    },
    'references': [
        {
            'date_accessed': '2016-05-13',
            'source': 'California Office of the Attorney General'
        }
    ],
    'regulatory_compliance': {
        'regulatory_notifications': 'Reported to California Office of the Attorney General'
    },
    'title': 'Data Breach at City College of San Francisco (2016)',
    'type': 'Data Breach',
    'vulnerability_exploited': 'Human Error (Employee fell for phishing scam)'
}