Meridian Community College

Meridian Community College notified that they have been hit by a cyber attack through an employee's email account which has breached some of their personal information.

The compromised information includes name, Social Security number, driver’s license number, passport number, date of birth, username or email and password, medical treatment information or health insurance information.

MCC becomes aware of a phishing incident that resulted in the compromise of certain user credentials, commences investigation, and works with third-party forensics firm.

Investigators cannot rule out access to certain employee email accounts, so MCC begins manually reviewing all emails and attachments in compromised email accounts.

Source: https://www.databreaches.net/meridian-community-college-discloses-a-breach-that-was-discovered-in-january/

TPRM report: https://scoringcyber.rankiteo.com/company/meridiancc

"id": "mer16313423",
"linkid": "meridiancc",
"type": "Breach",
"date": "09/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Education',
                        'name': 'Meridian Community College',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Phishing',
 'data_breach': {'personally_identifiable_information': ['name',
                                                         'Social Security '
                                                         'number',
                                                         'driver’s license '
                                                         'number',
                                                         'passport number',
                                                         'date of birth',
                                                         'username or email '
                                                         'and password',
                                                         'medical treatment '
                                                         'information',
                                                         'health insurance '
                                                         'information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information',
                                              'Health information']},
 'description': 'Meridian Community College notified that they have been hit '
                "by a cyber attack through an employee's email account which "
                'has breached some of their personal information.',
 'impact': {'data_compromised': ['name',
                                 'Social Security number',
                                 'driver’s license number',
                                 'passport number',
                                 'date of birth',
                                 'username or email and password',
                                 'medical treatment information',
                                 'health insurance information'],
            'systems_affected': 'Employee email accounts'},
 'initial_access_broker': {'entry_point': 'Phishing email'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Phishing attack leading to '
                                           'compromised user credentials'},
 'response': {'remediation_measures': 'Manually reviewing all emails and '
                                      'attachments in compromised email '
                                      'accounts',
              'third_party_assistance': 'Third-party forensics firm'},
 'title': 'Meridian Community College Cyber Attack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Compromised user credentials'}

Meridian Community College

Dansons

TEP Holdings, LLC

Bolton Global