One-sentence summary:
Bridgewater-Raritan Regional School District Breach in New Jersey was breached in December 2022, and the threat actors made out with the SSNs (social security numbers) and insurance information of employees.
Who was involved?
A threat actor, Bridgewater-Raritan Regional School District Breach, and several BRRSD employees.
What was the timeline?
The initial breach occurred on December 10, 2022, and was discovered by the school district on December 12, 2022. The district notified data victims on January 27, 2023, via mail (Bridgewater-Raritan Regional School District, n.d., para. 2).
What occurred?
Through an undisclosed method, an adversary breached the Bridgewater-Raritan Regional School District’s network and maintained persistence for approximately two days while collecting SSNs and insurance information of employees. The district quickly detected the activity and initiated incident response efforts with an external incident response team (Bridgewater-Raritan Regional School District, n.d., para. 1). Over a month later, victim employees were notified and support services were offered.
Estimated costs:
Identity theft monitoring costs, incident response costs, and 12-hour call center costs (Goldman, 2023, para. 6).
Involved laws:
N/A.
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Bridgewater-Raritan Regional School District. (n.d.). Data Incident – Bridgewater-Raritan Regional School District. Retrieved February 15, 2023, from https://www.brrsd.org/data-incident
Goldman, J. (2023, February 14). Bridgewater-Raritan Schools Data Breach Exposes Personal Info. GovTech. Retrieved February 15, 2023, from https://www.govtech.com/education/k-12/bridgewater-raritan-schools-data-breach-exposes-personal-info