On May 16, 2016, the California Office of the Attorney General disclosed a data breach at Solano Community College, originating from a phishing attack on April 28, 2016. The incident led to the unauthorized exposure of W-2 tax forms, compromising sensitive employee data for the year 2015. The leaked information included names, Social Security numbers (SSNs), and salary details of nearly all employees working at the college during that period. The breach was a result of a targeted phishing scam, where attackers deceived employees into disclosing credentials or accessing malicious links, granting unauthorized access to payroll systems. The exposed data posed significant risks, including identity theft, financial fraud, and tax-related scams, as SSNs and salary information are high-value targets for cybercriminals. The college was required to notify affected individuals and likely implemented remediation measures, such as credit monitoring services and cybersecurity training, to mitigate future risks. The incident highlighted vulnerabilities in the institution’s email security and employee awareness, emphasizing the need for stronger phishing defenses and data protection protocols to prevent similar breaches.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-61842
TPRM report: https://www.rankiteo.com/company/solanocoe
"id": "sol128082125",
"linkid": "solanocoe",
"type": "Breach",
"date": "6/2015",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'All employees (2015 workforce)',
'industry': 'Higher Education',
'location': 'California, USA',
'name': 'Solano Community College',
'type': 'Educational Institution'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': 'Yes (unauthorized disclosure of W-2 '
'data)',
'file_types_exposed': ['W-2 forms'],
'number_of_records_exposed': 'All employees (2015) - exact '
'count unspecified',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Salary information'],
'sensitivity_of_data': 'High (SSNs, salary details, names)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Tax/Financial Data (W-2 '
'forms)']},
'date_detected': '2016-04-28',
'date_publicly_disclosed': '2016-05-16',
'description': 'The California Office of the Attorney General reported a data '
'breach at Solano Community College on May 16, 2016, stemming '
'from a phishing incident that occurred on April 28, 2016. The '
'breach involved the unauthorized disclosure of W-2 '
'information, including names, Social Security numbers, and '
'salary information for employees who worked in 2015. '
'Approximately all employees of Solano Community College '
'during that time were affected.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive employee data',
'data_compromised': ['W-2 information (names, Social Security '
'numbers, salary details)'],
'identity_theft_risk': 'High (due to exposure of SSNs and personal '
'data)'},
'initial_access_broker': {'entry_point': 'Phishing email',
'high_value_targets': ['Employee W-2 data']},
'post_incident_analysis': {'root_causes': 'Successful phishing attack leading '
'to unauthorized data disclosure'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Solano Community College Phishing Data Breach (2016)',
'type': 'Data Breach',
'vulnerability_exploited': 'Human error (phishing susceptibility)'}