Cyber Incident Victim: University of California Washington Center
Date:
Jun 2014
Location:
United States of America
Summary
The University of California Washington Center notified alumni of a breach impacting its cloud-based course pre-enrollment system provider, GoSignMeUp.com, after an attack compromised usernames, passwords, email and postal addresses, gender, dates of birth, and course enrollment details. The incident was discovered shortly after the unauthorized access occurred, prompting the institution to advise affected individuals to change their passwords and collaborate with the vendor to strengthen security measures protecting user data. No additional details regarding the attack methodology or total number of impacted alumni were disclosed by either the university or the vendor at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 7, 2014, the University of California Washington Center (UCDC) experienced a data breach through its cloud-based course pre-enrollment system vendor, GoSignMeUp.com. Attackers compromised the vendor's systems, accessing alumni data including usernames, postal addresses, email addresses, passwords, gender, date of birth, and records of courses taken. UCDC discovered the breach two days later on June 9, though the specific intrusion methods and attacker identity remained undisclosed. The university promptly notified affected alumni about the exposure of their personal information and explicitly advised them to change their passwords as a precautionary measure. UCDC coordinated with GoSignMeUp.com to implement enhanced security measures for user data, though no technical details about these improvements were provided.
UCDC formally reported the incident to the California Attorney General’s Office, as evidenced by a public notification document. The university did not disclose the total number of affected alumni despite external inquiries from DataBreaches.net, which contacted both UCDC and GoSignMeUp.com for clarification. Neither party responded to questions about whether the attack specifically targeted UCDC data or impacted other clients of the vendor. The compromised information posed risks of credential reuse and potential identity theft due to the inclusion of birth dates and contact details. Public reporting confirmed the breach’s occurrence and data types involved but left unresolved questions about the attack’s origin, full scope, and whether additional vulnerabilities existed in the vendor’s systems. No further updates regarding investigation outcomes or mitigations were available through the source material.