NOLS

The Washington State Office of the Attorney General disclosed that NOLS (National Outdoor Leadership School) fell victim to a ransomware attack, resulting in the unauthorized exfiltration of personal data belonging to 3,049 Washington residents. The breach occurred intermittently between February 7, 2020, and May 20, 2020, but was only detected on August 11, 2020. The compromised information included names and dates of birth, though no financial records, Social Security numbers, or other highly sensitive data were exposed. While the attack did not involve financial theft or systemic operational disruption, the exposure of personally identifiable information (PII) poses risks such as identity fraud, phishing, or reputational harm to affected individuals. The incident underscores vulnerabilities in NOLS’ cybersecurity defenses, particularly in detecting and mitigating prolonged unauthorized access. The lack of financial or critical data compromise limits the immediate severity, but the personal data leak of customers remains a significant concern under data protection regulations.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10295

TPRM report: https://www.rankiteo.com/company/north-olympic-library-system

"id": "nor308091725",
"linkid": "north-olympic-library-system",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '3,049',
                        'industry': 'education/outdoor leadership',
                        'location': 'Washington, USA (affected residents)',
                        'name': 'NOLS (National Outdoor Leadership School)',
                        'type': 'non-profit educational organization'}],
 'data_breach': {'data_exfiltration': 'yes (intermittent unauthorized removal '
                                      'between 2020-02-07 and 2020-05-20)',
                 'number_of_records_exposed': '3,049',
                 'personally_identifiable_information': ['names',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'moderate (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2020-08-11',
 'description': 'The Washington State Office of the Attorney General reported '
                'that NOLS experienced a ransomware attack that affected the '
                'personal information of 3,049 Washington residents. The '
                'breach involved unauthorized data removal occurring '
                'intermittently between February 7, 2020, and May 20, 2020, '
                'and was discovered on August 11, 2020. The specific '
                'compromised data includes names and dates of birth, but not '
                'financial or social security information.',
 'impact': {'data_compromised': ['names', 'dates of birth'],
            'identity_theft_risk': 'moderate (personal information exposed)',
            'payment_information_risk': 'none'},
 'ransomware': {'data_exfiltration': 'yes'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'law_enforcement_notified': 'yes (Washington State Office of the '
                                          'Attorney General)'},
 'title': 'NOLS Ransomware Attack Affecting Washington Residents',
 'type': 'ransomware'}