The National Board for Certified Counselors, Inc. (NBCC) experienced a malware-driven cyberattack between August 31, 2020, and September 7, 2020, leading to a data breach reported on January 12, 2021. The incident compromised sensitive personal information of 9,898 Washington residents, including names, Social Security numbers, full dates of birth, and credential details. The breach stemmed from a cyberattack involving malware, which infiltrated NBCC’s systems, allowing unauthorized access to highly confidential data. The exposed information particularly Social Security numbers and birth dates poses severe risks, including identity theft, financial fraud, and long-term reputational harm to affected individuals. Given the nature of the compromised data, the breach falls under a high-severity category, as it directly impacts individuals' financial and personal security. The Washington State Office of the Attorney General disclosed the incident, emphasizing the potential for fraudulent misuse of the stolen credentials. While the exact method of malware deployment remains undisclosed, the breach underscores vulnerabilities in NBCC’s cybersecurity defenses, raising concerns about data protection compliance and the organization’s ability to safeguard sensitive client information.
TPRM report: https://www.rankiteo.com/company/the-national-board-for-certified-counselors
"id": "the414082025",
"linkid": "the-national-board-for-certified-counselors",
"type": "Cyber Attack",
"date": "8/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '9,898',
'industry': 'Healthcare / Counseling Certification',
'location': 'United States (Washington residents '
'affected: 9,898)',
'name': 'National Board for Certified Counselors, Inc. '
'(NBCC)',
'type': 'Non-profit Organization'}],
'attack_vector': 'Malware',
'data_breach': {'data_exfiltration': 'Likely (malware attack)',
'number_of_records_exposed': '9,898 (Washington residents)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'full dates of birth'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Credentials']},
'date_publicly_disclosed': '2021-01-12',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving the National Board for Certified '
'Counselors, Inc. (NBCC) on January 12, 2021. The breach, '
'which occurred between August 31, 2020, and September 7, '
'2020, was caused by a malware cyberattack, potentially '
'affecting 9,898 Washington residents. The information '
'compromised includes names, Social Security numbers, full '
'dates of birth, and other credential information.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'full dates of birth',
'credential information'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Data Breach at National Board for Certified Counselors, Inc. (NBCC)',
'type': 'Data Breach'}