On September 6, 2024, Vista Higher Learning, Inc. (VHL) reported a data breach to the Attorney General of Massachusetts, revealing that it had been the victim of a cyberattack. The breach involved unauthorized access to sensitive consumer information, including names, Social Security numbers, and financial account details. Following an internal investigation, VHL identified the extent of the breach and began notifying affected individuals. The breach was detected after suspicious activity was noticed on July 23, 2024, leading to the discovery that unauthorized access had occurred as early as July 10, 2024.
Vista Higher Learning enlisted its IT vendor, Rapid7, to investigate the attack, confirming that a vulnerability in its network was exploited by an unauthorized party. After the breach was detected, VHL acted quickly to terminate the unauthorized activity on July 25, 2024. As a result, sensitive files containing personal consumer information had been accessed by the unauthorized party, prompting VHL to assess the full scope of the breach and identify the affected individuals.
VHL’s review of the compromised files determined that a range of sensitive information was exposed, including personal and financial data. The breach notice indicated that the specifics of what data was accessed varied depending on the affected individual. The breach included critical details such as Social Security numbers, names, and financial account information, heightening the risk for identity theft and fraud among impacted consumers.
To mitigate the potential impact, Vista Higher Learning began mailing data breach notification letters to all individuals whose information was affected by the attack. These letters provide recipients with information on what specific data was compromised and offer guidance on how to protect themselves. As VHL continues to investigate and respond to the breach, it has made efforts to bolster its security protocols to prevent future incidents and safeguard consumer information.
Reference:
