Cyber Incident Victim: University of Alaska
Date:
Sep 2016
Location:
United States of America
Summary
A phishing attack compromised sensitive data belonging to approximately 25,000 students, staff, and faculty members at the University of Alaska, exposing names and Social Security numbers after malicious emails tricked employees into revealing credentials. The attacker potentially accessed multiple accounts, prompting the institution to swiftly block unauthorized entry, though it remains unclear whether any information was actually viewed. Affected individuals were offered identity theft reimbursement insurance. This incident followed an earlier credential-based breach impacting over 5,400 students, which involved additional compromised data such as transcripts, contact details, grant awards, and appeals forms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2016, the University of Alaska suffered a data breach when one or more employees fell victim to a phishing scam involving malicious email content. Attackers stole an employee’s username and password, potentially gaining access to several sensitive accounts containing personal information. The compromised data included names and corresponding Social Security numbers belonging to approximately 25,000 students, staff, and faculty members across the university system. University officials, including Associate VP of Public Affairs Robbie Graham, confirmed the breach originated from employees being tricked into clicking on fraudulent email material. The institution acted swiftly to block the perpetrator’s access upon detection, though investigators could not definitively determine whether any information had been accessed or exfiltrated before containment measures were implemented. Notification letters were distributed to affected individuals in April 2017 – four months after the initial compromise – outlining the exposure risks and available remediation options.
This incident followed a separate September 2016 breach announcement where attackers using stolen employee credentials potentially accessed more extensive records of over 5,400 students, including names, Social Security numbers, academic transcripts, appeals forms, grant award details, addresses, and phone numbers. For the December 2016 breach, the university offered impacted individuals enrollment in an identity theft loss reimbursement insurance program as mitigation against potential financial fraud. The delayed notification timeline between the December 2016 compromise and April 2017 disclosure raised operational questions about incident response protocols. Both breaches demonstrated persistent targeting of university credentials through social engineering tactics, though the December attack showed reduced data exposure scope compared to the earlier September incident despite affecting nearly five times as many individuals.