Cyber Incident Victim: University of Greenwich
Date:
Jun 2016
Location:
United Kingdom
Summary
The University of Greenwich suffered a data breach and website defacement by a threat actor claiming retaliation for academic expulsion, who leaked approximately 2.74GB of sensitive institutional data. The compromised information included student and staff records, examination details, grades, medical and leave records, private communications, and personal credentials such as names, emails, passwords, and locations. The attacker replaced the institution's homepage with a message taunting administrators and providing a download link for the stolen data, which was subsequently removed but not before widespread exposure. The breach's full scope remained under investigation, with no public claims of responsibility or official statements from the affected organization at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around June 12, 2016, the University of Greenwich suffered a cyberattack resulting in unauthorized access to its servers and subsequent data exfiltration. An unidentified individual breached the university’s systems, defaced its website by replacing the homepage with a custom message, and published a link to stolen data via the MEGA file-sharing service. The defacement message attributed the attack to revenge motives, suggesting the perpetrator was a former student or staff member expelled due to perceived elite hacking skills. The message explicitly referenced the institution’s alleged inability to "handle the beast" and included a plea for readmission. University administrators removed the defaced page and associated data links shortly after they circulated on social media platforms, particularly Twitter. Forensic analysis confirmed the attacker extracted a 2.74GB database containing comprehensive institutional records.
The compromised data included highly sensitive information encompassing student and staff details such as full names, email addresses, passwords, and geographic locations. Additional records exposed examination results, academic grades, staff medical absences, vacation schedules, and private communications between students and faculty members. Security researcher Oren Yaakobi of Hacked-DB verified the database’s contents through technical analysis, though the total number of affected accounts remained under investigation at the time of reporting. No threat actor publicly claimed responsibility for the intrusion beyond the defacement message’s content. The University of Greenwich did not issue an official press statement or public acknowledgment of the incident during the initial disclosure period, leaving the full operational impact and remediation measures unconfirmed in open sources. Data exposure risks included potential identity theft, credential misuse, and unauthorized access to confidential academic and medical records.