Johnson & Wales University says data breach impacted more than 20,000 individuals

Providence, Rhode Island-based Johnson & Wales University said it experienced a data security incident in July that compromised the sensitive personal information of more than 20,000 individuals.

 

In a filing with the Office of Maine Attorney General, Johnson & Wales University said that on July 11, it identified unauthorised activities in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“On August 21, 2024, JWU learned that personal information related to certain individuals may have been accessed in connection with the incident. JWU worked diligently to identify and gather contact information for potentially affected individuals and to engage a vendor to assist with notification. This process was completed on September 6, 2024,” the University said.

 

The compromised data included names, Social Security Numbers and financial account information. The university’s filing with the Maine state regulator revealed that at least 22,710 individuals were impacted by the incident.

 

“Upon discovering the event, JWU moved quickly to investigate and respond to the incident, assess the security of JWU systems, and identify potentially affected individuals. Further, JWU notified federal law enforcement regarding the event. JWU also implemented additional safeguards and training,” JWU added.

 

The educational institution has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Kroll to all individuals whose sensitive personal data was compromised during the incident.

 

Last week, Providence Public School District also disclosed a data security incident where threat actors targeted the district’s internal network. Later, the Medusa ransomware group claimed responsibility for the cyber attack and listed the school district as a victim on its data leak site.