Menu
Browse

Cyber Incident Victim: University of Alabama

Date:

Oct 2009

Location:

United States of America

Summary

The University of Alabama disclosed a historical unauthorized access incident involving a server at its Brewer-Porch Children’s Center, discovered during preparations to decommission outdated equipment. The breach exposed personal and medical information of former clients, alongside Social Security numbers and employment-related data of employees and medical providers associated with the center over a multi-year period. Approximately 1,400 individuals were impacted, with foreign-origin login activity identified as the intrusion vector. The institution provided notifications to affected parties in compliance with regulatory obligations.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

In June 2019, University of Alabama staff preparing an old server for disposal at the Brewer-Porch Children’s Center discovered evidence of unauthorized login activity originating from outside the United States. The logins occurred between October 24, 2009, and December 9, 2009, indicating the server had been compromised approximately ten years prior to detection. The breach potentially exposed personal information of individuals associated with Brewer-Porch between September 27, 2002, and December 9, 2009. Affected parties included former clients who received services during this period, as well as employees and medical providers who worked at the center. The university initiated an investigation upon discovering the decade-old intrusion but did not specify whether forensic analysis determined the exact nature of data accessed or the identity of the threat actors.

Cyber Incident Image

The incident impacted 1,400 individuals, comprising 727 former clients whose personal and medical information resided on the server and 641 former employees and providers whose Social Security numbers and employment-related data were stored. The university issued notifications to all affected parties in compliance with regulatory obligations, disclosing the breach despite its age. No evidence suggested misuse of the exposed data in the intervening years between the intrusion and its discovery. The compromised server was being prepared for secure decommissioning when the historical unauthorized access was identified, though the university did not detail whether other systems were investigated for related compromises. Response efforts focused on transparency and fulfilling notification requirements rather than containment measures due to the elapsed time since the actual breach occurred.

Sources
Sources available to members
1 source