Cyber Incident Victim: Prescott College

Prescott College experienced a cybersecurity incident involving unauthorized access to its computer systems between October 26 and October 29, 2022. The breach was initially detected through the identification of suspicious activity within the institution's IT infrastructure, prompting immediate containment measures. Upon discovering the intrusion, the college secured its systems, notified law enforcement agencies, and engaged cybersecurity experts to investigate the scope and nature of the compromise. The forensic investigation confirmed that an unauthorized actor had exfiltrated certain files containing sensitive information during the three-day access period before being terminated by the college's security protocols. The compromised data repository included confidential records pertaining to students and other individuals associated with the educational institution, though the specific systems targeted were not detailed in public filings.

The institution completed its review of affected files on March 9, 2023, determining that exposed information varied by individual but potentially included names and driver's license numbers among other unspecified sensitive data elements. Prescott College formally notified the Maine Attorney General's office about the breach on April 5, 2023, in compliance with state data protection regulations. Concurrently, the college initiated direct notification procedures by mailing data breach letters to all impacted individuals whose personal information was exposed in the incident. The compromised records created heightened risks of identity theft and financial fraud for affected parties due to the sensitive nature of the exposed identifiers. No operational disruptions or academic impacts beyond the data exposure were documented in the regulatory filing, with institutional response efforts focused on forensic investigation, regulatory compliance, and victim notification rather than public disclosure of technical remediation measures.