On May 30, 2014, Riverside Community College District (RCCD) suffered a data breach when an employee mistakenly sent an email containing sensitive student records to an incorrect external email address. The exposed data included personally identifiable information (PII) such as names, addresses, birth dates, student identification numbers, enrolled classes, and Social Security numbers (SSNs) of affected students. The breach was reported to the California Office of the Attorney General on June 13, 2014. The incident posed significant risks to the affected students, as SSNs and other PII could be exploited for identity theft, financial fraud, or other malicious activities. While the breach did not involve a targeted cyber attack, ransomware, or a systemic vulnerability, the mishandling of sensitive data resulted in the unauthorized disclosure of student information. The college district was required to notify impacted individuals and implement measures to mitigate potential harm, including credit monitoring and identity protection services. The breach highlighted the importance of proper data handling procedures and the need for robust safeguards to prevent accidental disclosures of sensitive information in educational institutions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-45469
TPRM report: https://www.rankiteo.com/company/riverside-community-college-district
"id": "riv246090125",
"linkid": "riverside-community-college-district",
"type": "Breach",
"date": "5/2014",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students (number unspecified)',
'industry': 'Higher Education',
'location': 'Riverside, California, USA',
'name': 'Riverside Community College District (RCCD)',
'type': 'Educational Institution'}],
'attack_vector': 'Human Error (Email Misdirection)',
'data_breach': {'data_exfiltration': 'Yes (via misaddressed email)',
'file_types_exposed': 'Email attachment (format unspecified)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes SSNs and PII)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Academic Records']},
'date_detected': '2014-05-30',
'date_publicly_disclosed': '2014-06-13',
'description': 'The California Office of the Attorney General reported that '
'Riverside Community College District (RCCD) experienced a '
'data breach on May 30, 2014, involving an email sent to an '
'incorrect external email address containing student records. '
'The breach potentially compromised names, addresses, birth '
'dates, student identification numbers, enrolled classes, and '
'Social Security numbers of affected students.',
'impact': {'brand_reputation_impact': 'Potential (due to exposure of '
'sensitive student data)',
'data_compromised': ['Names',
'Addresses',
'Birth Dates',
'Student Identification Numbers',
'Enrolled Classes',
'Social Security Numbers'],
'identity_theft_risk': 'High (due to exposure of PII and SSNs)'},
'post_incident_analysis': {'root_causes': 'Human error (email sent to '
'incorrect external recipient)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Reported to California Office of the '
'Attorney General'},
'title': 'Riverside Community College District (RCCD) Data Breach via '
'Misaddressed Email',
'type': 'Data Breach (Human Error - Misaddressed Email)'}