American Symphony Orchestra League

The American Symphony Orchestra League suffered a ransomware attack on May 1, 2020, leading to a data breach reported by the Maine Office of the Attorney General on October 5, 2020. The incident compromised the personal information of 49,063 individuals, including physical addresses, email addresses, and telephone numbers. While the breach exposed sensitive contact details, critical financial data such as credit card numbers, bank account information, and Social Security numbers remained unaccessed. The attack did not involve financial fraud or identity theft directly tied to the exposed data, but the leak of personal customer information poses risks of phishing, spam, and targeted scams. The organization likely faced reputational damage and operational disruptions due to the need for breach notifications, customer communications, and potential regulatory scrutiny. The absence of financial data theft mitigates some severity, but the scale of affected individuals and the nature of the attack (ransomware) elevate its criticality.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/e8eda50c-b696-4a67-bbce-6d23976191aa.shtml

TPRM report: https://www.rankiteo.com/company/orchleague

"id": "orc737082025",
"linkid": "orchleague",
"type": "Ransomware",
"date": "5/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '49,063',
                        'industry': 'arts and culture',
                        'location': 'United States',
                        'name': 'American Symphony Orchestra League (League of '
                                'American Orchestras)',
                        'type': 'non-profit organization'}],
 'data_breach': {'number_of_records_exposed': '49,063',
                 'personally_identifiable_information': ['physical addresses',
                                                         'email addresses',
                                                         'telephone numbers'],
                 'sensitivity_of_data': 'moderate (no financial or SSN data)',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2020-05-01',
 'date_publicly_disclosed': '2020-10-05',
 'description': 'The Maine Office of the Attorney General reported that the '
                'American Symphony Orchestra League (now known as the League '
                'of American Orchestras) experienced a data breach due to a '
                'ransomware attack. Approximately 49,063 individuals were '
                'affected, with personal information such as physical '
                'addresses, email addresses, and telephone numbers potentially '
                'compromised. No credit card information, bank account '
                'information, or social security numbers were accessed.',
 'impact': {'data_compromised': ['physical addresses',
                                 'email addresses',
                                 'telephone numbers'],
            'identity_theft_risk': 'low (no SSNs, credit card, or bank account '
                                   'info accessed)',
            'payment_information_risk': 'none'},
 'references': [{'date_accessed': '2020-10-05',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'title': 'Ransomware Attack on American Symphony Orchestra League',
 'type': 'ransomware'}