SUNY Schenectady County Community College

On September 27, 2024, the Vermont Office of the Attorney General disclosed a data breach at SUNY Schenectady County Community College, where an unauthorized party gained access to an employee’s email account. While the exact scope of the breach remains undisclosed, preliminary reports suggest the compromised data may include names and potentially other unspecified personal information. The incident did not specify whether financial records, Social Security numbers, or highly sensitive employee/customer data were exposed, but the focus on an employee’s email account implies internal communications or limited personal details may have been accessed.The lack of clarity on the number of affected individuals or the nature of the stolen data (e.g., no confirmation of financial theft, ransomware demands, or large-scale leaks) suggests the breach was contained to internal employee-related information without broader systemic damage. However, the unauthorized access to an institutional email raises concerns about phishing risks, potential exposure of internal documents, or misuse of employee credentials. No evidence indicates the attack escalated to customer data leaks, operational disruptions, or ransomware involvement.The college has not confirmed whether the breach was part of a targeted cyber attack, an exploited vulnerability, or an isolated incident, but the focus on an employee’s account aligns with common credential-based intrusions or social engineering tactics.

Source: https://ago.vermont.gov/document/2024-09-27-suny-schenectady-county-community-college-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/sunyscccwfdce

"id": "sun1010091725",
"linkid": "sunyscccwfdce",
"type": "Breach",
"date": "9/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Higher Education',
                        'location': 'Schenectady, New York, USA',
                        'name': 'SUNY Schenectady County Community College',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'personally_identifiable_information': ['Names'],
                 'type_of_data_compromised': ['Names',
                                              'Potentially other unspecified '
                                              'data']},
 'date_detected': '2024-09-27',
 'date_publicly_disclosed': '2024-09-27',
 'description': 'On September 27, 2024, the Vermont Office of the Attorney '
                'General reported a data breach involving SUNY Schenectady '
                'County Community College. The breach involved unauthorized '
                "access to an employee's email account, but specific details "
                'regarding the number of affected individuals and the exact '
                'types of sensitive information compromised were not '
                'disclosed, indicating that the information was limited to '
                'names and potentially other unspecified data.',
 'impact': {'data_compromised': ['Names', 'Potentially other unspecified data'],
            'systems_affected': ['Employee Email Account']},
 'references': [{'date_accessed': '2024-09-27',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'Data Breach at SUNY Schenectady County Community College',
 'type': 'Data Breach'}