On March 26, 2019, Seattle University experienced a data breach after an unencrypted laptop containing sensitive personal information was stolen. The compromised data included the names and Social Security numbers (SSNs) of approximately 2,064 individuals, all of whom were Washington state residents. The breach was publicly disclosed by the Washington State Office of the Attorney General on April 23, 2019. In response, Seattle University took remedial actions, including offering free credit monitoring services to affected individuals to mitigate potential identity theft risks. Additionally, the university implemented internal security enhancements to prevent similar incidents in the future. The theft of unencrypted devices highlights vulnerabilities in data protection protocols, particularly concerning the safeguarding of highly sensitive personally identifiable information (PII). The incident underscores the critical need for robust encryption and access controls to prevent unauthorized exposure of confidential data.
TPRM report: https://www.rankiteo.com/company/seattleueduc
"id": "sea432082125",
"linkid": "seattleueduc",
"type": "Breach",
"date": "3/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2,064 (Washington Residents)',
'industry': 'Higher Education',
'location': 'Seattle, Washington, USA',
'name': 'Seattle University',
'type': 'Educational Institution'}],
'attack_vector': 'Theft of Unencrypted Device',
'customer_advisories': ['Credit Monitoring Services Offered to Affected '
'Individuals'],
'data_breach': {'data_encryption': 'No (Device was Unencrypted)',
'data_exfiltration': 'Yes (via Physical Theft)',
'number_of_records_exposed': '2,064',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (Includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2019-03-26',
'date_publicly_disclosed': '2019-04-23',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Seattle University on April 23, 2019. '
'The breach, which occurred on March 26, 2019, involved the '
'theft of an unencrypted laptop containing the names and '
'Social Security numbers of approximately 2,064 individuals, '
'specifically Washington residents. Seattle University is '
'providing credit monitoring services to those affected and '
'has initiated internal security enhancements.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Credit '
'Monitoring Offered)',
'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (SSNs Compromised)',
'systems_affected': ['Unencrypted Laptop']},
'investigation_status': 'Disclosed; Remediation Ongoing',
'post_incident_analysis': {'corrective_actions': ['Internal Security '
'Enhancements',
'Credit Monitoring for '
'Affected Parties'],
'root_causes': ['Lack of Encryption on Laptop',
'Inadequate Physical Security '
'Controls']},
'recommendations': ['Implement Full-Disk Encryption for All Portable Devices',
'Enhance Physical Security Measures for Sensitive Data '
'Storage'],
'references': [{'date_accessed': '2019-04-23',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Washington State '
'Attorney General']},
'response': {'communication_strategy': ['Public Disclosure via Washington '
'State Attorney General'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Credit Monitoring Services for Affected '
'Individuals'],
'remediation_measures': ['Internal Security Enhancements']},
'title': 'Seattle University Data Breach (2019)',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Lack of Encryption on Laptop'}