Cyber Incident Victim: Lakes Region Scholarship Foundation
Date:
Mar 2016
Location:
United States of America
Summary
The Lakes Region Scholarship Foundation experienced a computer security breach potentially compromising personal information of past scholarship applicants. Names, addresses, and Social Security numbers of former high school students who applied between 1996 and 2009 may have been accessed. The organization notified affected individuals and reported the incident to the New Hampshire Attorney General’s Office, acknowledging unauthorized exposure of sensitive data through this breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Lakes Region Scholarship Foundation publicly disclosed a potential data breach on March 17, 2016, notifying individuals who had applied for scholarships between 1996 and 2009 that their personal information may have been compromised. Executive Director Joan Cormier characterized the event as a "computer security breach incident" that potentially exposed applicants' names, addresses, and Social Security numbers. The foundation, which awards approximately $300,000 in scholarships annually to students from the Lakes Region high schools, took immediate steps to inform affected parties through direct notifications. These notifications were sent to former applicants spanning a thirteen-year period, indicating a significant temporal scope of potential data exposure. The organization also formally reported the incident to the New Hampshire Attorney General's Office through external legal counsel, demonstrating compliance with regulatory requirements. While the public disclosure occurred in March 2016, the exact timeline of when the breach was discovered relative to its occurrence remained unspecified in available documentation.
The incident impacted a substantial cohort of scholarship applicants whose sensitive personally identifiable information, particularly Social Security numbers, faced potential exposure to unauthorized parties. This type of compromised data created significant identity theft risks for affected individuals given the permanent nature of Social Security identifiers. The foundation's notification served as the primary public communication regarding the breach, though specific details about the attack vector, intrusion methods, or perpetrator identity were not disclosed in available records. Response actions focused on transparency through applicant notifications and regulatory compliance via official reporting to state authorities. The thirteen-year span of potentially affected applications suggested that both current students and older alumni could have been impacted by the data exposure. No subsequent public updates regarding investigation outcomes or additional mitigation measures were documented in the primary source materials related to this disclosure.