Cyber Incident Victim: Scholarship America

On or about April 28, 2020, Scholarship America's internal IT security processes detected suspicious activity within its Microsoft Office 365 email system, triggering immediate security protocols. The organization promptly shut down unauthorized access and initiated remediation efforts to contain the breach. Following containment, Scholarship America engaged independent IT security and forensics experts to conduct a comprehensive systemwide review. The investigation confirmed unauthorized access was limited exclusively to certain Office 365 email accounts, with no compromise of other systems or servers within the organization's IT network. Critical infrastructure storing student applications and program information remained unaffected throughout the incident. The forensic examination involved meticulous inspection of information stored in each impacted email account to determine the scope of exposure.

The breached data varied across individual cases but generally included names, mailing addresses, and telephone numbers. A subset of impacted individuals had protected information exposed, including Social Security numbers. Scholarship America confirmed the incident's impact remained confined to email account contents and did not extend to dedicated scholarship management systems or application databases. As of the notification date, the organization had received no evidence indicating misuse of any exposed sensitive information. Scholarship America provided direct notice to affected individuals but did not offer complimentary credit monitoring services in their response.