Cyber Incident Victim: Wyzant

On April 27, 2019, an unauthorized actor infiltrated systems belonging to Wyzant, an online tutoring marketplace connecting students with instructors. The intrusion remained undetected until May 2, 2019, when company personnel identified an anomaly within a single database. This discovery triggered an investigation that confirmed unauthorized access to personally identifiable information (PII). Compromised data included user names, email addresses, and ZIP codes. Individuals who had authenticated through Facebook integration also had their social media profile pictures exposed. The platform explicitly stated that passwords, financial records, and user activity logs were not accessed or exfiltrated during the breach. Wyzant did not disclose the exact number of affected accounts but acknowledged its overall user base exceeded two million registered students and 80,000 tutors. The company did not specify whether both student and tutor accounts were compromised or if the breach disproportionately impacted one user group.

Wyzant contained the incident by patching the underlying vulnerability that enabled the attacker's access, though technical details of the exploit were not publicly released. Internal audits and forensic investigations commenced immediately following breach discovery to assess the full scope and attack methodology. No evidence suggested misuse of exposed data at the time of notification. Impacted individuals received direct email communications outlining the compromised data types while being advised to monitor for potential phishing attempts leveraging their exposed information. The company emphasized ongoing security enhancements but provided no specifics regarding additional protective measures implemented beyond the initial patch. Operational systems remained functional throughout the incident response period, with no reported service disruptions attributed to the breach or remediation efforts.