Cyber Incident Victim: Savannah College of Art and Design

In July 2022, the Savannah College of Art and Design (SCAD) experienced a cybersecurity incident involving unauthorized access to its systems. An unauthorized actor gained access to personnel files containing sensitive personal information of a limited number of current and former students and employees. The breach was detected by SCAD's security systems, prompting immediate containment actions that rapidly shut down the illegal activity. The university engaged a third-party cybersecurity consultant to conduct a forensic investigation, which confirmed the compromise of files containing names, social security numbers, and dates of birth. SCAD coordinated with law enforcement regarding the criminal investigation but did not disclose whether ransomware or financial demands were involved in the attack.

The compromised data exposed affected individuals to potential identity theft risks. SCAD notified all impacted parties in accordance with legal requirements and provided details about the specific information exposed in each case. The university offered complimentary identity protection services and committed to ongoing support for victims until resolution. No operational disruptions occurred due to the breach, which SCAD attributed to early detection and swift response measures. The institution stated it would implement enhanced security safeguards and monitoring technologies while maintaining cybersecurity as a top priority. A former employee confirmed receiving breach notification details and mitigation offers, though the total number of affected individuals remained unspecified in public disclosures.