Cyber Incident Victim: University of Hawaii Maui College
Date:
Feb 2023
Location:
United States of America
Summary
The University of Hawaii Maui College experienced unauthorized access to its computer systems, prompting an investigation with cybersecurity experts that confirmed compromise of files containing confidential student information. Approximately 10,500 individuals were affected by the breach, leading the institution to take its systems offline, instruct staff to reset credentials, and issue notification letters to impacted parties detailing the incident. The compromised data specifics were not publicly disclosed despite the confirmation of unauthorized access to student records.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-February 2023, the University of Hawaii Maui College detected unauthorized access to its computer systems, prompting immediate containment measures. The college took affected systems offline and engaged cybersecurity experts to conduct a forensic investigation. The inquiry confirmed that intruders had accessed certain files on the institution's IT network during the breach window. Investigators determined the incident exposed confidential information belonging to approximately 10,500 current and former students. While the college did not publicly specify the types of compromised data, administrators initiated a comprehensive file review to identify impacted individuals and assess the scope of information leakage. As an interim security measure, all staff received mandatory instructions to reset their passwords to prevent further unauthorized account access. The cyberattack investigation remained ongoing during the two-month period between detection and formal notification, though the institution did not disclose whether ransomware deployment, data exfiltration, or other tactical details accompanied the intrusion.
The University of Hawaii Maui College began issuing individualized breach notification letters to affected parties on April 6, 2023, marking the first public confirmation of the incident's data security implications. Neither the college nor its investigative partners released additional technical specifications regarding the attack vector, duration of system access, or exact nature of compromised records. The breach occurred within a statewide university system comprising three universities and seven community colleges, collectively generating $246 million in annual revenue and employing over 3,500 staff members. While the Maui College campus remained operational during recovery efforts, the security incident disrupted specific IT services requiring offline remediation. Notification letters provided personalized confirmation of data exposure to recipients but contained no generalized public disclosures about whether threat actors acquired academic records, financial information, or government identifiers. Institutional cybersecurity improvements implemented after detection included systemic password resets and enhanced access controls across administrative networks.