Cyber Incident Victim: University of Memphis

Date: Dec 2020

Location: United States of America

Summary

A security breach at the University of Memphis compromised personal information of certain faculty and staff members after an unauthorized individual accessed a university email account. The institution acknowledged that private data was exposed in an unencrypted format but stated there was no evidence the information was stolen or misused. The incident prompted internal notifications to affected employees regarding the potential exposure of their sensitive details.

Description

On December 4, 2020, the University of Memphis disclosed a security breach involving unauthorized access to a university email account. According to an email sent to faculty and staff by Chief Information Officer Robert Jackson, an individual successfully hacked into the account, potentially exposing personal information belonging to certain employees. The compromised data existed in an unencrypted format within the email system, making it accessible to the attacker during the breach window. While the university stated it found no evidence that information was stolen or misused, the incident nevertheless placed faculty and staff members’ private details at risk of exposure. The notification did not specify the exact number of affected individuals or the duration of unauthorized access, nor did it detail the precise methods used by the attacker to compromise the account.

The University of Memphis responded by issuing Jackson’s email notification on December 4 to inform the campus community of the breach. This communication confirmed the exposure of sensitive employee information but emphasized the institution’s assessment that no data theft or misuse had occurred. No additional technical containment measures, forensic investigations, or post-incident remediation steps were described in the disclosed email or subsequent public reporting. The breach drew media attention through coverage by the Memphis Business Journal, which obtained and published details from the internal university communication. The incident highlighted vulnerabilities associated with unencrypted data storage in institutional email accounts, though the university provided no further updates regarding long-term impacts or changes to its security protocols following the disclosure.
