Rumsey Hall School suffered a data breach on April 18, 2020, when unauthorized actors gained access to its systems through an external hacking incident. The breach remained undetected until October 13, 2020, exposing sensitive personal information of 586 individuals, including 2 Connecticut residents. Compromised data included names and Tax Identification Numbers (TINs), which are critical for financial and identity-related fraud. The school delayed notifications until March 9, 2021, offering affected individuals two years of CyberScout credit monitoring as a remedial measure. The incident highlights vulnerabilities in the school’s cybersecurity defenses, particularly in detecting and responding to external intrusions. While no immediate financial losses or large-scale fraud were reported, the exposure of TINs poses long-term risks, including identity theft and tax fraud for the victims. The breach underscores the need for educational institutions to strengthen monitoring systems and expedite breach disclosures to mitigate potential harm.
TPRM report: https://www.rankiteo.com/company/rumsey-hall-school
"id": "rum444090725",
"linkid": "rumsey-hall-school",
"type": "Breach",
"date": "4/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 586,
'industry': 'Education (K-12)',
'location': {'city': None,
'country': 'United States',
'state': 'Connecticut'},
'name': 'Rumsey Hall School',
'type': 'Educational Institution'}],
'attack_vector': 'External System Breach (Hacking)',
'customer_advisories': 'Two years of CyberScout credit monitoring offered to '
'affected individuals',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 586,
'personally_identifiable_information': ['Names',
'Tax Identification '
'Numbers (TINs)'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2020-10-13',
'date_publicly_disclosed': '2021-03-09',
'description': 'The Maine Office of the Attorney General reported that Rumsey '
'Hall School experienced a data breach on April 18, 2020, '
'involving unauthorized access through an external system '
'breach (hacking). Approximately 586 individuals were '
'affected, including 2 residents of Connecticut, with '
'compromised information including names and Tax '
'Identification Numbers (TINs). The breach was discovered on '
'October 13, 2020, and notifications were sent on March 9, '
'2021, offering two years of CyberScout credit monitoring '
'services.',
'impact': {'data_compromised': ['Names', 'Tax Identification Numbers (TINs)'],
'identity_theft_risk': 'High (PII exposed)'},
'investigation_status': 'Completed (notifications sent)',
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals (2021-03-09)',
'third_party_assistance': 'CyberScout (credit monitoring '
'services)'},
'title': 'Rumsey Hall School Data Breach (2020)',
'type': 'Data Breach'}