Cyber Incident Victim: Uniformed Services University of the Health Sciences
Date: Oct 2015
Location: United States of America
Summary
A hacker breached the Uniformed Services University's systems, defacing eight domains and leaking login credentials containing military email addresses and plain-text passwords. The compromised data, claimed to be previously undisclosed, exposed sensitive information of personnel and posed risks for phishing or further account breaches due to password reuse. The attacker asserted the intrusion supported Palestine and indicated access to additional military emails beyond the leaked 2014 dataset. Defacement mirrors were pending publication on Zone-h, threatening wider exposure of the breach. The university's affected domains were offline following the incident.
Description
In October 2015, a hacker using the alias Kuroi SH breached multiple domains belonging to the Uniformed Services University (USU), the United States' sole Federal Health Sciences University responsible for training military medical personnel. The attacker defaced eight USU websites and published a database containing login credentials from 2014, including names, email addresses, and plaintext passwords. The compromised email domains included @usuhs.mil, @us.army.mil, @med.navy.mil, @us.af.mil, and @coe.mil. Analysis confirmed the authenticity of the leaked data, which had not previously been exposed online. The hacker claimed the breach was conducted in support of Palestine and asserted access to 45,000 military emails, though only credentials from 2014 were released. Zone-h mirrors hosted evidence of the defacements, though these were temporarily on hold at the time of reporting. All affected USU domains were offline when the incident became public.

The breach exposed sensitive information of military personnel, including internal communications and credentials that could facilitate phishing attacks or compromise social media accounts due to password reuse. The storage of passwords in plaintext significantly amplified risks, as attackers could use the credentials on other platforms directly, with no cracking or decryption step. USU faced additional reputational damage from the impending Zone-h mirror publication, which threatened permanent public exposure of the stolen data. The university took immediate containment measures by taking the targeted domains offline, though no official statement had been issued by the time initial reports were published. The incident highlighted vulnerabilities in credential storage practices at a high-profile federal institution critical to national security medical training.
