Cyber Incident Victim: Florida International University
Date:
Apr 2022
Location:
United States of America
Summary
The BlackCat ransomware group claimed responsibility for an attack on Florida International University, alleging theft of 1.2 TB of sensitive data including contracts, accounting documents, social security numbers, and email databases belonging to students, faculty, and staff. While the institution stated no evidence indicated compromised information during its ongoing investigation, cybersecurity experts reviewing the purportedly stolen data confirmed it contained sensitive university records. The incident marked one of multiple U.S. higher education ransomware attacks attributed to BlackCat, which analysts suspect is a rebrand of earlier threat groups and has targeted other organizations globally. The group's claims contradicted initial institutional assurances, reflecting a pattern observed in previous ransomware incidents where data breaches were later verified upon public leaks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 11, 2022, the BlackCat (ALPHV) ransomware group publicly claimed responsibility for an attack on Florida International University (FIU), alleging the theft of approximately 1.2 terabytes of sensitive data. The group stated the exfiltrated information included contracts, accounting documents, social security numbers, email databases, and personal details of students, faculty, and staff. FIU acknowledged the claim in a campus-wide communication on the same day, confirming an ongoing investigation but asserting no initial evidence of compromised sensitive data. The university declined to provide further details or respond to follow-up inquiries regarding the attackers’ assertions. Independent cybersecurity experts who reviewed samples of the allegedly stolen data verified that it contained genuine sensitive information belonging to FIU community members, contradicting the university’s preliminary assessment.
This incident marked FIU as the eighth U.S. higher education institution targeted by ransomware in 2022, following attacks on institutions including Ohlone College, Savannah State University, and North Carolina A&T University. Recorded Future ransomware specialist Allan Liska noted a surge in attacks against educational institutions, with 37 publicly reported incidents in the first quarter of 2022 alone—exceeding totals for comparable periods in prior years. BlackCat, linked by analysts like Emsisoft’s Brett Callow to earlier groups such as BlackMatter and DarkSide, had previously targeted multiple universities, German oil firms, and Italian fashion brand Moncler. Callow cautioned that organizational statements denying initial evidence of data compromise often precede eventual confirmation of breaches, citing historical patterns where attackers later published stolen data. The university did not disclose technical specifics of the intrusion, containment measures, or operational impacts beyond the data exfiltration claim.