There have been so many Blackbaud-related security notifications that my first thought was that one by Scholarship America would be more of the same. But it’s not. It’s another hack involving Microsoft Office 365 accounts, which has been a growing problem this year. From their press release yesterday:
– Scholarship America, a nonprofit organization that manages scholarship and tuition assistance programs for different organizations, is providing notice to individuals impacted by the exposure of certain personal information.
On or about April 28, 2020, Scholarship America’s internal IT security processes detected suspicious activity within its email system which triggered security protocols. Upon discovery, Scholarship America took immediate action to shut down unauthorized access and remediate the problem. Scholarship America then brought in independent IT security and forensics experts to conduct a detailed systemwide review, which identified unauthorized access to some email accounts and included an extensive inspection of information stored in each impacted account. The investigation confirmed that the impact of this incident was limited to certain Microsoft Office 365 email accounts, and that no other systems or servers within the Scholarship America IT network were impacted, including where student applications and program information are stored.
The data that was subject to unauthorized access was different in individual cases. In general, the data contained a variety of elements such as names, mailing addresses, and telephone numbers, and, in some instances, it included protected information like Social Security numbers. Scholarship America has received no indication to-date that anyone’s sensitive information has been misused as a result of this incident.
You can read the rest of their press release here. They do not seem to be offering people any free credit monitoring services.