Cyber Incident Victim: University of Central Florida

In September 2016, the University of Central Florida discovered a payment card data breach affecting a minimum of 230 students. Investigators determined the breach stemmed from malware infections on computer systems operating at three food and retail establishments within the UCF student union: Asian Chao, Huey Magoo's, and the Corner Cafe. The malware compromised payment card information used at these locations, though the specific timeframe of unauthorized access was not disclosed in available reports. University officials publicly confirmed the breach in early October 2016 through statements reported by Orlando NBC affiliate WESH. The incident marked the second cybersecurity event disclosed by UCF within the same calendar year, though authorities emphasized its separation from prior unauthorized access incidents.

Forensic analysis revealed all three compromised entities shared common management under a single company, though the organization's identity remained unspecified in public disclosures. The breach investigation focused exclusively on point-of-sale systems handling payment card transactions, with no evidence suggesting expansion beyond these retail environments. This incident occurred approximately nine months after UCF's January 2016 disclosure of a separate breach involving unauthorized access to Social Security numbers belonging to 63,000 students and faculty members. University representatives explicitly stated no connection existed between the payment card malware incident and the earlier Social Security number compromise, maintaining distinct causes and attack vectors for each event. The disclosure highlighted persistent cybersecurity challenges facing educational institutions managing complex vendor relationships and payment infrastructures.