St. Joseph School

On May 20, 2020, St. Joseph School fell victim to a ransomware attack that compromised a backup copy containing sensitive donor information. The breach exposed 5,142 Washington residents' data, including names, contact details, and dates of birth. While no credit card numbers or Social Security numbers were accessed, the unauthorized removal of personal records posed significant privacy risks. The school initiated notifications to affected individuals on August 14, 2020, nearly three months after the incident. The attack highlighted vulnerabilities in the institution’s data protection measures, particularly concerning third-party donor records, though the full extent of misuse (if any) remains undisclosed. The delay in disclosure further raised concerns about transparency and incident response protocols.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10239

TPRM report: https://www.rankiteo.com/company/st-joseph-catholic-school-richardson-tx

"id": "st-1024090725",
"linkid": "st-joseph-catholic-school-richardson-tx",
"type": "Ransomware",
"date": "5/2020",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '5,142',
                        'industry': 'education',
                        'location': 'Washington, USA',
                        'name': 'St. Joseph School',
                        'type': 'educational institution'}],
 'customer_advisories': 'Notifications sent to affected individuals starting '
                        'August 14, 2020',
 'data_breach': {'data_exfiltration': 'yes (backup copy removed)',
                 'number_of_records_exposed': '5,142',
                 'personally_identifiable_information': 'yes (names, contact '
                                                        'information, dates of '
                                                        'birth)',
                 'sensitivity_of_data': 'moderate (PII but no SSN or financial '
                                        'data)',
                 'type_of_data_compromised': ['donor information (names, '
                                              'contact info, dates of birth)']},
 'date_detected': '2020-05-20',
 'date_publicly_disclosed': '2020-08-14',
 'description': "The Washington State Attorney General's Office reported that "
                'St. Joseph School experienced a ransomware attack on May 20, '
                '2020, affecting 5,142 Washington residents. The breach '
                'involved the unauthorized removal of a backup copy containing '
                'donor information, including names, contact information, and '
                'dates of birth, but no credit card information or Social '
                'Security numbers were accessed. Notifications began on August '
                '14, 2020.',
 'impact': {'data_compromised': ['names',
                                 'contact information',
                                 'dates of birth'],
            'identity_theft_risk': 'low (no SSN or credit card info accessed)',
            'payment_information_risk': 'none',
            'systems_affected': ['backup copy']},
 'ransomware': {'data_exfiltration': 'yes (backup copy removed)'},
 'references': [{'source': "Washington State Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       "Attorney General's "
                                                       'Office'},
 'response': {'communication_strategy': 'Notifications began on August 14, '
                                        '2020'},
 'title': 'Ransomware Attack on St. Joseph School',
 'type': 'ransomware'}