Scholarship America, a nonprofit organization that manages scholarship and tuition assistance programs for different organizations, experienced a data security incident.
It resulted in exposure to certain personal information.
On or about April 28, 2020, Scholarship America's internal IT security processes detected suspicious activity within its email system which triggered security protocols.
The impact of this incident was limited to certain Microsoft Office 365 email accounts.
The data contained a variety of elements such as names, mailing addresses, and telephone numbers, and, in some instances, it included protected information like Social Security numbers.
TPRM report: https://scoringcyber.rankiteo.com/company/scholarship-america
"id": "sch3123123",
"linkid": "scholarship-america",
"type": "Data Leak",
"date": "04/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Education',
'name': 'Scholarship America',
'type': 'Nonprofit Organization'}],
'attack_vector': 'Phishing/Email Compromise',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Protected Information']},
'date_detected': '2020-04-28',
'description': 'Scholarship America experienced a data security incident '
'resulting in the exposure of certain personal information.',
'impact': {'data_compromised': ['Names',
'Mailing Addresses',
'Telephone Numbers',
'Social Security Numbers'],
'systems_affected': ['Microsoft Office 365 email accounts']},
'initial_access_broker': {'entry_point': 'Email System'},
'title': 'Data Security Incident at Scholarship America',
'type': 'Data Breach',
'vulnerability_exploited': 'Email System Vulnerability'}