Pacific Science Center

The Pacific Science Center experienced a data breach between June 13, 2017, and June 21, 2017, attributed to a spear-phishing attack. The incident, reported by the Washington State Office of the Attorney General on July 10, 2017, resulted in the compromise of personal information belonging to 605 Washington residents. The exposed data included names and Social Security numbers (SSNs), which are highly sensitive identifiers. Such information can be exploited for identity theft, financial fraud, or targeted scams, posing long-term risks to the affected individuals. The breach underscores vulnerabilities in the organization’s email security protocols and employee awareness training, as spear-phishing exploits human error to gain unauthorized access. While the breach did not involve ransomware or systemic operational disruption, the exposure of SSNs elevates the severity due to the potential for prolonged harm to victims, including credit damage and legal liabilities for the company. The incident also risks reputational damage, eroding public trust in the institution’s ability to safeguard personal data.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=9720

TPRM report: https://www.rankiteo.com/company/pacific-science-center

"id": "pac1018090725",
"linkid": "pacific-science-center",
"type": "Breach",
"date": "6/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 605,
                        'industry': 'Education / Science Museum',
                        'location': 'Seattle, Washington, USA',
                        'name': 'Pacific Science Center',
                        'type': 'Non-profit Organization'}],
 'attack_vector': 'Spear Phishing',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 605,
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2017-06-21',
 'date_publicly_disclosed': '2017-07-10',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Pacific Science Center on July 10, '
                '2017. The breach, which occurred from June 13, 2017, to June '
                "21, 2017, was the result of a 'spear phishing' attack, "
                'compromising personal information of approximately 605 '
                'Washington residents including names and Social Security '
                'numbers.',
 'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (SSNs compromised)'},
 'initial_access_broker': {'entry_point': 'Spear Phishing Email'},
 'investigation_status': 'Disclosed',
 'post_incident_analysis': {'root_causes': 'Successful spear phishing attack '
                                           'leading to unauthorized access to '
                                           'PII'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via Washington '
                                        'State Attorney General'},
 'title': 'Pacific Science Center Data Breach (2017)',
 'type': 'Data Breach'}