Cyber Incident Victim: Kentucky State University

Date:

Mar 2016

Location:

United States of America

Summary

A phishing attack targeting Kentucky State University resulted in unauthorized disclosure of sensitive information after an employee responded to an email impersonating the institution's president. The compromised data included names, Social Security numbers, addresses, and 2015 W-2 forms for 1,071 individuals—comprising current employees, students, and former staff members. The university notified credit reporting agencies and law enforcement while offering affected individuals complimentary credit monitoring services to mitigate potential identity theft risks stemming from the breach.

Motives: 1 motive

Tactics, Techniques & Procedures: 2 techniques

Threat Actors: 0 actors

Description

On March 22, 2016, Kentucky State University experienced a data breach when an employee fell victim to a phishing email impersonating university president Raymond Burse. The fraudulent email requested 2015 W-2 tax forms for employees, leading the staff member to inadvertently transmit sensitive documents containing personally identifiable information. Attackers compromised data for 1,071 individuals, including current employees, students, and former staff members. Exposed records contained names, Social Security numbers, addresses, and institutional identification details from the 2015 tax year. The breach specifically affected 452 current regular employees, 210 students, and 409 former employees based on subsequent police reports. This incident occurred during tax filing season, a period when W-2-related scams typically increase according to cybersecurity experts. The attackers exploited institutional trust by spoofing the president's identity to bypass standard verification protocols. No technical system vulnerabilities or hacking methods beyond email deception were reported in available documentation.

University president Raymond Burse publicly confirmed the breach through an official website announcement, initiating multiple response measures. The university notified the three major credit reporting agencies (Equifax, Experian, and TransUnion) and alerted federal and state law enforcement agencies, which launched investigations. Affected individuals received recommendations to monitor financial accounts closely and request free credit reports from credit bureaus. The university arranged complimentary one-year identity monitoring subscriptions through an unspecified credit agency service. Internal Revenue Service Commissioner John Koskinen referenced the incident in an official IRS release as an example of evolving tax-season phishing tactics targeting payroll documentation. The breach's discovery timeline indicates immediate recognition after the unauthorized data transmission, though specific containment procedures beyond credit monitoring and legal notifications were not detailed in public records. Police documentation provided the definitive victim count and demographic breakdown during subsequent investigations.