Cyber Incident Victim: Cornell University
Date: Jan 2015
Location: United States of America
Summary
Cornell University was compromised by a hacker using the alias @MarxistAttorney, who exploited SQL injection vulnerabilities to access institutional data. The attacker claimed the breach was a protest against high tuition fees and student debt, aiming to pressure universities to lower costs. Compromised information included non-sensitive employee contact details such as names, work emails, and phone numbers, alongside utilities account data related to power, heating, and gas services. The university did not publicly confirm or address the incident at the time of reporting. The hacker emphasized targeting educational institutions with weak cybersecurity practices, asserting that vulnerabilities were easily exploitable despite being preventable.
Description
In early January 2015, Cornell University experienced a cybersecurity breach perpetrated by an individual using the alias @MarxistAttorney, who simultaneously targeted the University of Hawaii. The attacker exploited SQL injection (SQLi) vulnerabilities in Cornell’s web infrastructure to gain unauthorized access to university systems. According to the hacker’s claims, the compromised data included non-sensitive employee contact information such as names, work email addresses, and work phone numbers. Additionally, the breach exposed details related to Cornell’s utilities accounts, encompassing operational information about power, heating, and gas systems. The attacker publicly dumped a subset of the stolen data, though the full scope of accessed records remained unclear. Cornell University did not respond to initial media inquiries about the incident at the time of reporting, leaving the breach unconfirmed by the institution.

The breach formed part of a broader campaign targeting educational institutions, with @MarxistAttorney explicitly citing motivations tied to protesting high tuition costs and student debt burdens. In public statements, the attacker identified as a university student facing significant financial strain and aimed to pressure universities into lowering fees by exposing their cybersecurity shortcomings. The hacker emphasized that SQLi vulnerabilities were the primary attack vector across multiple breaches, criticizing the targeted universities for inadequate security audits and vulnerability management. While the University of Hawaii had patched its vulnerability post-breach, the article did not specify whether Cornell implemented similar remedial measures. No evidence suggested student data compromise at Cornell, unlike prior breaches at Hawaii involving sensitive student information. The incident highlighted operational risks to university infrastructure systems but did not disclose specific disruptions or financial impacts stemming from the breach.
