Cyber Incident Victim: Franklin College

On January 21, 2022, Franklin College experienced a network security breach involving a malicious code attack that compromised systems containing personal information. The attackers deployed this code to infiltrate the college’s network, though specific technical details regarding the attack vector or initial detection methods were not publicly disclosed. College officials immediately initiated an internal investigation following the breach but withheld public notification during this period to assess the scope and nature of the compromised data. The breach remained under active investigation for approximately five months, during which the institution worked to identify affected individuals and the types of data exposed. No evidence suggested operational disruptions to academic activities or additional systems beyond those storing personal data.

The investigation concluded in June 2022, confirming that unauthorized actors potentially accessed names and driver’s license or state identification numbers belonging to individuals associated with the college. Nearly 6,000 people were identified as potentially impacted by the breach. Franklin College delayed notifying affected parties until August 29, 2022, when it issued formal letters disclosing the incident and the specific categories of exposed information. The notification did not specify whether financial data, academic records, or other sensitive details were involved. No public statements referenced ransomware demands, data misuse, or law enforcement involvement. The college’s response focused on informing affected individuals without offering additional mitigation services beyond the disclosure of the breach’s scope.