Cyber Incident Victim: Newcourse Communications
Date:
Apr 2022
Location:
United States of America
Summary
Newcourse Communications experienced a cybersecurity incident involving unauthorized access to its computer systems, compromising personal information including names and Social Security numbers of 47,979 individuals. The breach was contained after the company engaged third-party specialists to investigate and secure its network, with affected parties notified following a review of compromised data. The Nashville-based data-processing provider confirmed the intrusion enabled attackers to access sensitive consumer data during a limited period before mitigation efforts were implemented.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Newcourse Communications, Inc. disclosed a data breach to multiple state attorney general offices on August 18, 2022, following unauthorized access to its computer systems by hackers. The intrusion occurred between April 27, 2022, and May 3, 2022, during which attackers compromised sensitive consumer information. Upon discovering the breach, Newcourse secured its network and engaged third-party cybersecurity specialists to investigate the incident's scope and nature. The forensic investigation confirmed unauthorized access to systems containing personally identifiable information. By August 5, 2022, Newcourse completed its review of affected files, determining that attackers potentially accessed names and Social Security numbers of individuals. The company identified 47,979 affected consumers through this analysis. Newcourse initiated notification procedures on August 18, 2022, mailing data breach letters to all impacted parties. The breach notification included details about the compromised information types and offered free credit monitoring services to victims, typically spanning 12-24 months. No evidence of actual misuse of stolen data was reported in the company's filings with state authorities. The incident triggered mandatory reporting under state data breach notification laws, with filings submitted to attorney general offices in Maine, Vermont, Massachusetts, and other jurisdictions.
Founded in 2005 and headquartered in Nashville, Tennessee, Newcourse Communications operates as a data-processing and print/mail service provider specializing in custom solutions for mortgage, automotive, credit union, and banking industries. The company supports clients using various servicing platforms including BKFS, FICS, Megasys, and proprietary in-house systems. With 32 employees and approximately $6 million in annual revenue, the breach impacted systems handling sensitive customer data processed for financial sector clients. The compromised information specifically included names paired with Social Security numbers, creating significant identity theft risks for affected individuals. Newcourse's breach response involved immediate network containment followed by comprehensive forensic analysis to establish intrusion parameters and data exposure timelines. The company's notification letters detailed the specific personal information accessible to attackers during the seven-day breach window. While no operational disruptions or additional compromised data types were reported, the incident exposed systemic vulnerabilities in protecting highly sensitive consumer identifiers within Newcourse's infrastructure.