St. Paul's School experienced a data breach due to a ransomware attack targeting its third-party service provider, Blackbaud, Inc. Unauthorized access to sensitive data occurred between February 7, 2020, and May 20, 2020. The breach impacted 4,480 individuals, including 104 Maine residents, and exposed Social Security numbers, which are highly sensitive personal information. While the school offered two years of free credit monitoring and identity theft protection, the exposure of such critical data poses long-term risks, including identity theft, financial fraud, and reputational harm. The attack was part of a broader campaign against Blackbaud, affecting multiple organizations relying on its services. The incident did not involve ransomware encryption of St. Paul's own systems; it stemmed from the provider's vulnerability, highlighting supply-chain risks in cybersecurity.
TPRM report: https://www.rankiteo.com/company/st'-paul's-school
"id": "st'1006091725",
"linkid": "st'-paul's-school",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 4480,
                        'industry': 'education',
                        'name': "St. Paul's School",
                        'type': 'educational institution'},
                       {'industry': 'technology/software',
                        'name': 'Blackbaud, Inc.',
                        'type': 'service provider (external system)'}],
 'customer_advisories': ['free credit monitoring and identity theft protection '
                         'services offered for two years'],
 'data_breach': {'data_exfiltration': 'yes',
                 'number_of_records_exposed': 4480,
                 'personally_identifiable_information': ['Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'high (includes Social Security '
                                        'numbers)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)']},
 'date_publicly_disclosed': '2021-01-21',
 'description': 'The Maine Office of the Attorney General reported a data '
                "breach involving St. Paul's School due to a ransomware attack "
                'on their external system provider, Blackbaud, Inc. '
                'Unauthorized access occurred between February 7, 2020, and '
                'May 20, 2020, compromising personal information, including '
                'Social Security numbers, of 4,480 individuals (including 104 '
                'Maine residents). Affected individuals were offered two years '
                'of free credit monitoring and identity theft protection '
                'services.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'high (Social Security numbers exposed)',
            'systems_affected': ["Blackbaud's external systems"]},
 'ransomware': {'data_exfiltration': 'yes'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': ['public disclosure via Maine Office '
                                         'of the Attorney General'],
              'remediation_measures': ['offered free credit monitoring and '
                                       'identity theft protection services for '
                                       'two years']},
 'title': "Data Breach at St. Paul's School via Blackbaud Ransomware Attack",
 'type': ['data breach', 'ransomware attack']}