Cyber Incident Victim: Clarion University
Date: Oct 2017
Location: United States of America
Summary
Clarion University experienced a data breach after employees in the registrar’s office fell victim to a phishing attack, compromising two email accounts. The unauthorized access potentially exposed sensitive information, including Social Security numbers and driver’s license details, belonging to 408 students. The institution emphasized its commitment to data integrity and privacy protection following the incident.
Description
On October 7, 2017, Clarion University experienced a phishing attack targeting employees in its registrar’s office, resulting in unauthorized access to two staff email accounts. The attackers maintained access to these accounts for four days until October 10, during which they potentially viewed sensitive student information stored within the compromised email systems. The university became aware of the breach through an unspecified notification process, though the exact timeline of detection relative to the attack window remains undisclosed. The incident stemmed from employees falling victim to a criminal phishing scam, though the specific tactics used (e.g., malicious links or attachments) were not detailed in public communications. No evidence suggested system-wide network infiltration beyond the two email accounts.

The breach exposed Social Security numbers and/or driver’s license numbers belonging to 408 students, constituting a significant compromise of personally identifiable information. Clarion University formally notified all affected students by December 7, 2017, approximately two months after the incident. Communication Manager Tina Horner publicly affirmed the institution’s commitment to data integrity and privacy protection in response to the incident. The university did not disclose whether it offered credit monitoring services to impacted individuals or implemented additional security training for staff following the breach. No subsequent reports confirmed misuse of the exposed data or detailed regulatory repercussions stemming from the event.
