A global resource in education and learning development, World Learning has provided education programs in over 150 countries. Following an event in April, officials determined a data breach influencing World Learning’s systems.
The published notices about the event describe the symptoms as “suspicious activity” but offer little auxiliary information. Unless more is made public about the event, it is challenging to discern how the breach happened, much less what the assailants did or wanted while within the network. The attack is unlikely a part of a more significant event, like the global MOVEit breach.
According to subsequent investigations, the attack occurred in late April and lasted until around June 6th. On or around this day, officials discovered the suspicious activity. Internal reviews ended around October 23rd after World Learning began preparing event notifications. Around November 27th, officials began sending impact notices.
It is unclear who may have had details taken in this breach. The Maine Attorney General’s filing suggests a couple thousand people have had their data taken; however, there are no indications about the impacted group. Students, parents, partners, faculty, alumni, or staff may have lost their data.
The Maine filing says the breach may impact 3,022 people. However, depending on the information the assailants stole, there may be further impacts. Due to limited public information, those associated with World Learning should take action. Monitor financial, credit, and identity accounts for further criminal activity; don’t wait for a physical notice to take preventative action.