Savannah College of Art and Design

Savannah College of Art and Design (SCAD) was targeted in a ransomware attack that resulted in a data breach in which a large amount of data was exfiltrated.

However, unlike some ransomware attacks, the college’s network was not encrypted; only data was exfiltrated.

More than 69,000 files were exfiltrated having routine college business such as personnel-related files and student files with personal information.

The breach included people’s names and clues as to the content of the files (e.g., passports, payroll-related information, bank statements, personal statements, recommendation letters, etc.).

Some of the files contained more than 15,000 records going back to 2005.

Source: https://www.databreaches.net/hackers-acquire-info-on-current-and-former-students-and-staff-at-savannah-college-of-art-and-design/

TPRM report: https://scoringcyber.rankiteo.com/company/savannah-college-of-art-and-design

"id": "sav2117161122",
"linkid": "savannah-college-of-art-and-design",
"type": "Breach",
"date": "09/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Education',
                        'location': 'Savannah, Georgia',
                        'name': 'Savannah College of Art and Design',
                        'type': 'Educational Institution'}],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': ['69,000 files',
                                               '15,000 records'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['personnel-related files',
                                              'student files with personal '
                                              'information',
                                              'passports',
                                              'payroll-related information',
                                              'bank statements',
                                              'personal statements',
                                              'recommendation letters']},
 'description': 'Savannah College of Art and Design (SCAD) was targeted in a '
                'ransomware attack that resulted in a data breach in which a '
                'large amount of data was exfiltrated. However, unlike some '
                'ransomware attacks, the college’s network was not encrypted; '
                'only data was exfiltrated. More than 69,000 files were '
                'exfiltrated having routine college business such as '
                'personnel-related files and student files with personal '
                'information. The breach included people’s names and clues as '
                'to the content of the files (e.g., passports, payroll-related '
                'information, bank statements, personal statements, '
                'recommendation letters, etc.). Some of the files contained '
                'more than 15,000 records going back to 2005.',
 'impact': {'data_compromised': ['personnel-related files',
                                 'student files with personal information',
                                 'passports',
                                 'payroll-related information',
                                 'bank statements',
                                 'personal statements',
                                 'recommendation letters']},
 'ransomware': {'data_exfiltration': True},
 'title': 'Ransomware Attack and Data Breach at Savannah College of Art and '
          'Design',
 'type': 'Ransomware and Data Breach'}