Cyber Incident Victim: University of Hawaii

On or around July 23, 2019, the University of Hawaii’s P-20 Partnerships for Education disclosed a potential compromise of personal information belonging to approximately 70,000 public school students. The incident stemmed from unauthorized access detected on a server managed by Graduation Alliance, a third-party vendor contracted to operate the My Future Hawaii website. This platform provided college and career planning resources, financial aid guidance, and streamlined University of Hawaii application processes for middle and high school students across the state. The University had shared student personal information with Graduation Alliance to facilitate these services. The vendor identified “suspicious” unauthorized access to one of its servers, triggering the breach notification. While the exact nature of the unauthorized activity remained unspecified, the incident raised concerns about exposure of student data entrusted to the vendor.

The potential compromise affected students from multiple public schools, though specific institutions or districts were not detailed in available reports. My Future Hawaii’s operational scope suggested impacted individuals were primarily middle and high school students engaged with college readiness resources. No explicit confirmation of data exfiltration or misuse was provided at the time of disclosure. The University and Graduation Alliance did not publicly elaborate on technical aspects of the server intrusion, detection methods, containment measures, or forensic findings. Public reporting emphasized the scale of potentially exposed records and the involvement of a third-party service provider handling sensitive student information. Hawaii News Now referenced a list of affected schools in its coverage, but this detail was not included in the primary source material.