Cyber Incident Victim: University of Rhode Island
Date:
Aug 2015
Location:
United States of America
Summary
The University of Rhode Island experienced a data security incident involving unauthorized collection of non-public information from approximately 3,000 current and former students, including names, institutional email addresses and passwords, dates of birth, and in some cases personal email credentials and associated social media account details. Evidence suggested unauthorized access to personal email and Facebook accounts of affected individuals. The institution notified impacted parties through multiple channels, initiated password resets for institutional systems, and reported the incident to law enforcement authorities including the Rhode Island Attorney General's Office and campus police while continuing to investigate the breach timeline and scope.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2015, the University of Rhode Island disclosed a data security incident involving unauthorized collection of sensitive information from approximately 3,000 current and former students. An individual unaffiliated with the university—neither a student nor employee—gathered non-public details including names, URI email addresses (@my.uri.edu), associated passwords, and dates of birth. For several individuals, the compromised data extended to personal email addresses (such as Gmail, Yahoo, or Hotmail accounts) and their corresponding passwords. Evidence suggested unauthorized access to some victims’ personal email and Facebook accounts, though the exact timeline of the breach remained under investigation by URI and law enforcement. The university identified affected parties through forensic analysis and initiated multi-channel notifications, sending alerts to compromised URI email accounts, alternate email addresses on file, and physical letters to last known addresses. These communications outlined the breach scope, provided password-reset instructions, and referenced a dedicated incident website for updates.
URI engaged the Rhode Island Attorney General’s Office and Campus Police in the investigation while advising impacted individuals to immediately change passwords for all URI systems, personal email accounts, and social media profiles—particularly those using URI email addresses for verification. The university planned to publish guidance for obtaining replacement URI email addresses but emphasized broader credential updates as the critical first response. For financial security concerns, URI directed victims to standard identity theft protocols: contacting financial institutions, placing fraud alerts with major credit bureaus (Equifax, Experian, TransUnion), reviewing credit reports, and filing reports with the Federal Trade Commission and local law enforcement if suspicious activity occurred. No direct evidence indicated physical safety risks, but the university encouraged reporting unusual contacts to authorities. Internal measures included disabling compromised credentials and enhancing system monitoring, though specific technical safeguards were not detailed in public advisories. Ongoing updates were promised via the incident website and direct emails as the investigation progressed.