Posted On May 16, 2023 Consumer Privacy & Data Breaches
May 16 – Whitworth University discovered on April 28, 2023 that a ransomware attack had compromised the security of sensitive student data and promptly notified the Attorney General of Maine of the incident. According to the company’s complaint, the breach exposed full names, student ID numbers, passport numbers, health information, Social Security numbers, and birth dates of students. After discovering a compromise of consumer information, Whitworth University immediately started notifying those who were affected via letter.
Data breach lawyers at Console & Associates, P.C. are now conducting an investigation into the data breach at Whitworth University. We are offering free consultations to anybody who has received a breach notice and would like to learn more about the risks of identity theft, what they can do to protect themselves, and what legal options are available to them for financial recompense from the company.
Whitworth Institution is a private, Presbyterian-affiliated Christian university. Spokane, Washington’s Whitworth University accepts over 3,000 freshmen each year, and they have their pick of roughly a hundred different majors, minors, and certificate programs. Whitworth University was founded in 1980 and has since grown to employ more than 721 people and earn around $150 million in yearly income.
The filing with the Maine Attorney General states that a ransomware attack occurred at Whitworth University on July 29, 2022. As a result, the institution has begun consulting with independent cybersecurity experts to determine the scope of the breach and the types of student information that may have been compromised.
According to the Whitworth University inquiry, the ransomware perpetrators gained access to folders holding sensitive student data.
When Whitworth University learned that private consumer information had fallen into the wrong hands, it immediately initiated an investigation of the compromised files to ascertain what data had been exposed and who had been affected. Your full name, student ID number, passport number, health information, Social Security number, and birth date may have been compromised.
Whitworth University notified anyone whose data was exposed by sending them letters on April 28, 2023.
In a ransomware attack, hackers compromise a business’s computer system by deploying malware. Malware, a sort of malicious software, is software that encrypts data and blocks access to a company’s internal network. Encoding makes files unreadable to anybody without the proper decoding software.
When hackers demand payment from a company in exchange for the return of stolen data, they introduce the “ransom” element. The data will be decrypted, and the assault will cease once the ransom is paid.
The threats made by hackers have become more sinister recently. If a company has duplicates of its data saved elsewhere, it will be far less inclined to pay the ransom. As a result, “double extortion” has become a common tactic among hackers. They have threatened to disclose the encrypted files on the dark web, where they might be used by anybody for fraudulent purposes if the corporation does not pay.
If data protection solutions are kept up-to-date and in good working order, ransomware assaults may be avoided. Hackers seek to find and exploit vulnerabilities in obsolete technologies. Businesses can stop assaults before they begin if their technology is up to date.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Whitworth University data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
You are receiving this letter because you are a current or former student of Whitworth University in Spokane, Washington. We are writing to inform you of an incident that may have exposed your personal information. Whitworth University takes the privacy of personal information seriously and wants to provide you with information and resources you can use to protect your information.
What Happened and What Information Was Involved: On July 29, 2022, we detected and stopped a ransomware attack in which an unauthorized third party accessed and disabled some of our systems. We immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Our investigation determined an unauthorized third party may have accessed certain individual personal information during this incident. We found no evidence that your information has been specifically misused; however, it is possible that the following personal information could have been accessed by an unauthorized third party: first and last name, Social Security number, student identification number, date of birth, passport number, health information. This information is maintained for standard administrative purposes. Again, to date, we have not received information of a specific misuse of personal information. We have taken all efforts possible to mitigate any further exposure of your personal information and related identity theft.
What We Are Doing: Data security is one of our highest priorities. Upon detecting this incident, we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We notified law enforcement. We wiped and rebuilt affected systems and have taken steps to bolster our network security. We are also reviewing and altering our policies, procedures, and network security software relating to the security of our systems and servers, as well as how we store and manage data. We are offering free credit monitoring and identity theft protection services through IDX, a leading identity protection technology company. IDX services include: [Redacted] months of credit monitoring and fully managed identity theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
What You Can Do: To enroll in Credit Monitoring services at no charge, please log on to [Redacted] and follow the instructions provided. When prompted please provide the unique code found above to receive services. IDX is available Monday through Friday, 6:00 am – 6:00 pm PST. Please note the deadline to enroll is January 3, 2023. We encourage you to take full advantage of this service offering. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information. Enclosed you will find additional information regarding the resources available to you, and the steps that you can take to further protect your personal information.
For More Information: We recognize that you may have questions not addressed in this letter. If you have additional questions, please call IDX at 1-833-875-0646, Monday through Friday, 6:00 am – 6:00 pm PST. We value the security of the personal data that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused.