Saybrook University

The Washington State Office of the Attorney General disclosed a ransomware attack targeting Saybrook University between February 7, 2020, and May 20, 2020, officially reported on September 8, 2020. The breach compromised the personal information of 935 Washington residents, exposing sensitive data such as full names, dates of birth, and potentially other identifying details. The attack was executed via ransomware, a malicious software variant that encrypts files and demands payment for decryption, often coupled with threats of data exposure. While the exact method of infiltration (e.g., phishing, unpatched vulnerabilities) was not specified, the prolonged duration (over three months) suggests a sophisticated or undetected intrusion. The exposed data though not explicitly confirmed to include financial records poses risks of identity theft, fraud, or targeted scams for affected individuals. As an educational institution, Saybrook University’s breach underscores vulnerabilities in sectors handling personally identifiable information (PII), particularly when cybercriminals exploit systemic weaknesses. The incident aligns with broader trends where higher education institutions face escalating ransomware threats due to legacy systems, decentralized data storage, or limited cybersecurity resources. The breach’s public disclosure via a state authority further amplifies reputational damage and potential regulatory scrutiny under data protection laws.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10298

TPRM report: https://www.rankiteo.com/company/tcs-education-system

"id": "tcs1021090625",
"linkid": "tcs-education-system",
"type": "Ransomware",
"date": "2/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': '935 (Washington residents)',
                        'industry': 'Higher Education',
                        'location': 'Washington, USA',
                        'name': 'Saybrook University',
                        'type': 'Educational Institution'}],
 'data_breach': {'number_of_records_exposed': '935',
                 'personally_identifiable_information': ['names',
                                                         'full dates of birth'],
                 'sensitivity_of_data': 'High (includes full dates of birth)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2020-09-08',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving Saybrook University. The breach '
                'occurred between February 7, 2020, and May 20, 2020, due to a '
                'ransomware attack affecting the personal information of 935 '
                'Washington residents, which may have included names, full '
                'dates of birth, and other information.',
 'impact': {'data_compromised': ['names',
                                 'full dates of birth',
                                 'other personal information'],
            'identity_theft_risk': 'Potential (due to exposed PII)'},
 'ransomware': {'data_encryption': 'Likely (implied by ransomware attack)'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via Washington '
                                        'State Office of the Attorney General'},
 'title': 'Saybrook University Ransomware Attack and Data Breach (2020)',
 'type': 'Data Breach, Ransomware Attack'}