What happened
Kaplan North America began notifying individuals of a data breach after an unauthorized party gained access to its network and may have obtained sensitive personal information. The incident exposed data such as names combined with Social Security numbers, dates of birth, and driver’s license numbers, impacting at least 192,000 individuals. The breach was disclosed through notification letters sent to affected individuals following an internal investigation into the unauthorized access.Â
Who is affected
Individuals whose personal information was stored in Kaplan’s systems are affected, particularly those whose sensitive identifiers may have been accessed during the breach.Â
Why CISOs should care
The incident highlights how breaches involving education and training providers can expose highly sensitive identity data, increasing the risk of fraud and identity theft for affected individuals.Â
3 practical actions
- Review exposure of sensitive identity data. Systems storing Social Security numbers and similar identifiers should be tightly secured.Â
- Monitor for identity theft risks. Exposed data can be used in fraud, phishing, or account takeover attempts.Â
- Ensure timely breach notification processes. Prompt disclosure helps reduce downstream risk and aligns with regulatory expectations.Â
For more coverage of major security incidents affecting organizations worldwide, explore our reporting on Data Breaches.