The Vermont Office of the Attorney General disclosed a data breach affecting The Columbus Foundation in September 2023. An unauthorized external actor exposed internal data by posting internet links containing sensitive personal information. The compromised data potentially included names, addresses, driver’s license numbers, and Social Security numbers of applicants participating in the foundation’s programs. The breach was detected after the data had already been leaked, with the incident originating in early July 2023. While the full scope of the exposure remains under investigation, the leaked information poses significant risks, including identity theft, financial fraud, and reputational harm to the affected individuals. The foundation has not confirmed whether the breach was part of a broader cyberattack (e.g., ransomware or phishing) or resulted from an unpatched vulnerability. Authorities are likely assessing the extent of the damage and potential legal ramifications under data protection laws.
Source: https://ago.vermont.gov/document/2023-09-08-columbus-foundation-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/the-columbus-foundation
"id": "the547091725",
"linkid": "the-columbus-foundation",
"type": "Breach",
"date": "7/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Applicants involved in the '
"foundation's programs",
'industry': 'Philanthropy',
'name': 'The Columbus Foundation',
'type': 'Non-profit organization'}],
'data_breach': {'data_exfiltration': 'Yes (posted as internet links)',
'personally_identifiable_information': ['names',
'addresses',
"driver's license "
'numbers',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-09-08',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving The Columbus Foundation on September 8, '
'2023. An unauthorized external party posted internet links to '
'a portion of the internal data, which potentially included '
"names, addresses, driver's license numbers, and Social "
"Security numbers of applicants involved in the foundation's "
'programs. The breach occurred in early July 2023.',
'impact': {'data_compromised': ['names',
'addresses',
"driver's license numbers",
'Social Security numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'references': [{'date_accessed': '2023-09-08',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'threat_actor': 'Unauthorized external party',
'title': 'Data Breach at The Columbus Foundation',
'type': 'Data Breach'}