Cyber Incident Victim: @MarxistAttorney
Date:
Dec 2014
Location:
United Kingdom
Summary
The hacker known as @MarxistAttorney breached multiple universities, including California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, Abertay University, and Fordham University, exfiltrating and publicly dumping sensitive data such as login credentials and employee IDs. The attacker claimed the intrusions were motivated by "lulz" and aimed to undermine institutional IT security, with evidence suggesting personal grievances may have influenced some targets. While most impacted institutions confirmed investigations, Abertay University clarified its breach involved a separate promotional site not hosted on its main infrastructure. The incident highlighted systemic vulnerabilities in the education sector’s data protection and insufficient federal oversight of such breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 3, 2015, an individual or group using the alias "@MarxistAttorney" claimed responsibility for hacking multiple universities and colleges, publicly disclosing stolen data via Pastebin and their website (yourattorney.nl). The affected institutions included California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, Abertay University, and Fordham University. @MarxistAttorney provided data dumps for each entity as proof of compromise, though some data originally attributed to California State University was identified as originating from a prior San Diego Zoo breach attributed to "Paw Security." The attacker stated their motivation was "the sole pleasure of the lulz" and a desire to undermine university IT teams by publicizing sensitive information, which reportedly included thousands of login credentials, employee IDs, and other confidential data. A tweet from @teamcarbonic suggested a personal grievance against the University of Maryland related to a rejected application, though @MarxistAttorney did not confirm this as a specific motive.
Affected universities initiated investigations following DataBreaches.net's inquiries, with varying levels of acknowledgment. The University of Kentucky confirmed they were investigating the breach within 24 hours of notification. Abertay University clarified that compromised data originated from a separately hosted promotional site (daretobedigital.co.uk) for a gaming competition, not their primary academic systems. The University of Maryland responded four days post-notification, stating they were investigating but provided no further details. Fordham University proactively submitted a statement despite not being named in @MarxistAttorney’s initial claims, likely due to its inclusion on #TeamCarbonic’s target list. No other institutions confirmed or denied the breaches publicly. The incident highlighted systemic gaps in federal oversight of educational sector breaches, with the FTC citing jurisdictional limitations over non-profits under Section 5 of the FTC Act and offering no substantive response to arguments that financial data compromises might fall under the Safeguards Rule.