Pacific University

The Washington State Office of the Attorney General disclosed a ransomware attack targeting Pacific University, which occurred between February 7, 2020, and May 20, 2020, and was detected on July 16, 2020. The breach compromised sensitive personal data of 9,196 individuals, including names, full dates of birth, and demographic details. The attack resulted in unauthorized access to personally identifiable information (PII), posing risks such as identity theft, financial fraud, and reputational harm to affected individuals. While the university took steps to investigate and mitigate the incident including notifying impacted parties and offering credit monitoring the breach highlighted vulnerabilities in its cybersecurity defenses. The involvement of ransomware suggests that attackers may have encrypted critical systems, further disrupting operations and potentially demanding payment for data restoration. The exposed data, though not explicitly financial or medical, still carries significant privacy risks, particularly if exploited for targeted phishing or social engineering attacks. The prolonged duration between the breach and its discovery (over five months) underscores challenges in early threat detection, amplifying the potential consequences for both the university and those affected.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10301

TPRM report: https://www.rankiteo.com/company/pacific-university-school-of-pharmacy

"id": "pac551083025",
"linkid": "pacific-university-school-of-pharmacy",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 9196,
                        'industry': 'higher education',
                        'location': 'Washington, USA',
                        'name': 'Pacific University',
                        'type': 'educational institution'}],
 'data_breach': {'number_of_records_exposed': 9196,
                 'personally_identifiable_information': ['names',
                                                         'full dates of birth',
                                                         'demographic details'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personal identifiable '
                                              'information (PII)']},
 'date_detected': '2020-07-16',
 'date_publicly_disclosed': '2020-09-08',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Pacific University. The breach '
                'occurred between February 7, 2020, and May 20, 2020, and was '
                'identified on July 16, 2020, following a ransomware attack '
                'that affected approximately 9,196 individuals. The '
                'compromised information included names, full dates of birth, '
                'and other demographic details.',
 'impact': {'data_compromised': ['names',
                                 'full dates of birth',
                                 'demographic details'],
            'identity_theft_risk': 'high'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': 'Pacific University Data Breach and Ransomware Attack (2020)',
 'type': ['data breach', 'ransomware attack']}