University of Rhode Island Foundation

The University of Rhode Island Foundation experienced a **ransomware attack** reported on **September 2, 2020**, by the Washington State Office of the Attorney General. The breach occurred between **April 18, 2020, and May 17, 2020**, compromising the personal data of approximately **500 Washington residents**. The exposed information was limited to **names and dates of birth**, with no indication that **Social Security numbers, financial data, or other highly sensitive details** were accessed or stolen. While the attack disrupted operations and necessitated breach notifications, there was no evidence of identity theft, financial fraud, or broader systemic damage stemming from the incident. The foundation likely faced reputational harm and operational costs related to incident response, forensic investigations, and compliance obligations under data protection laws. However, the overall impact remained contained to non-financial personal identifiers, with no escalation to critical infrastructure, employee records, or large-scale customer data leaks.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=10281

TPRM report: https://www.rankiteo.com/company/uri-foundation

"id": "uri1014090725",
"linkid": "uri-foundation",
"type": "Ransomware",
"date": "4/2020",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '500 (Washington residents)',
                        'industry': 'education',
                        'location': 'Rhode Island, USA (affecting Washington '
                                    'residents)',
                        'name': 'University of Rhode Island Foundation',
                        'type': 'non-profit, educational foundation'}],
 'data_breach': {'number_of_records_exposed': '500',
                 'personally_identifiable_information': ['names',
                                                         'dates of birth'],
                 'sensitivity_of_data': 'moderate (names, dates of birth; no '
                                        'SSNs or financial data)',
                 'type_of_data_compromised': ['personal identifiable '
                                              'information (PII)']},
 'date_publicly_disclosed': '2020-09-02',
 'description': 'The Washington State Office of the Attorney General reported '
                'a data breach involving the University of Rhode Island '
                'Foundation. The breach was a ransomware attack affecting '
                'approximately 500 Washington residents. Compromised data '
                'included names and dates of birth, but no Social Security '
                'numbers or financial data were impacted. The breach occurred '
                'between April 18, 2020, and May 17, 2020, and was publicly '
                'disclosed on September 2, 2020.',
 'impact': {'data_compromised': ['names', 'dates of birth'],
            'identity_theft_risk': 'low (no SSNs or financial data '
                                   'compromised)',
            'payment_information_risk': 'none'},
 'references': [{'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Washington State '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via Washington '
                                        'State Office of the Attorney General'},
 'title': 'University of Rhode Island Foundation Ransomware Attack and Data '
          'Breach (2020)',
 'type': 'ransomware, data breach'}