Southern New Hampshire University

The Washington State Office of the Attorney General disclosed a ransomware cyberattack targeting Southern New Hampshire University, reported on August 24, 2020. The breach occurred between February 7, 2020, and May 20, 2020, compromising the personal records of 1,826 Washington residents. Exposed data included names and full dates of birth, though the full scope of the attack’s consequences—such as whether the data was exfiltrated or misused—was not detailed. As a ransomware incident, the attack likely involved encryption of university systems, with threat actors demanding payment for decryption. The exposure of personally identifiable information (PII) poses risks of identity theft or fraud for affected individuals. The university was required to notify impacted parties and may have faced regulatory scrutiny under data protection laws. The incident highlights vulnerabilities in educational institutions’ cybersecurity defenses, particularly against financially motivated ransomware groups.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10263

TPRM report: https://www.rankiteo.com/company/southern-new-hampshire-university

"id": "sou039090625",
"linkid": "southern-new-hampshire-university",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '1,826 (Washington residents)',
                        'industry': 'Higher Education',
                        'location': 'New Hampshire, USA (affecting Washington '
                                    'residents)',
                        'name': 'Southern New Hampshire University',
                        'type': 'Educational Institution'}],
 'data_breach': {'number_of_records_exposed': '1,826',
                 'personally_identifiable_information': ['Names',
                                                         'Full dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2020-08-24',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Southern New Hampshire University on '
                'August 24, 2020. The breach, which was a ransomware '
                'cyberattack, exposed records of 1,826 Washington residents '
                'between February 7, 2020, and May 20, 2020, affecting '
                'personal information such as names and full dates of birth.',
 'impact': {'data_compromised': ['Names', 'Full dates of birth'],
            'identity_theft_risk': 'High (PII exposed)'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via Washington '
                                        'State Office of the Attorney General'},
 'title': 'Southern New Hampshire University Ransomware Data Breach (2020)',
 'type': 'Data Breach (Ransomware)'}