Cyber Incident Victim: Oberlin College
Date:
Mar 2019
Location:
United States of America
Summary
Prospective students at Oberlin College and two other institutions received ransom demands following unauthorized access to their admission files via a vulnerability in the Slate single-sign-on system. Attackers claimed to have stolen applicant data and demanded payments of up to one Bitcoin per victim, prompting the affected colleges to confirm the breach and extortion attempts. The incident highlighted risks associated with authentication weaknesses in shared educational platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early March 2019, Oberlin College in Ohio was among three elite U.S. institutions targeted in a ransomware attack affecting applicant data. Attackers infiltrated the colleges' admission systems by exploiting a single-sign-on vulnerability in the Slate platform, a centralized system used for managing prospective student information. The breach resulted in unauthorized access to admission files containing sensitive applicant details. Threat actors subsequently sent ransom notes directly to affected prospective students, demanding payment of up to one Bitcoin (approximately $3,800 at the time) for the return of stolen data. Grinnell College publicly confirmed that its applicants had received these extortion emails, though all three institutions—including Oberlin and Hamilton College—faced identical attack patterns and demands. The incident occurred shortly before reports emerged about Chinese hackers targeting research institutions for maritime technology theft, though no direct connection between these campaigns was established in available reporting.
The colleges promptly reported the security incident, with evidence suggesting attackers specifically targeted admission records rather than broader institutional databases. While the exact number of compromised Oberlin applicants remains undisclosed, the breach exposed personal information submitted during the admissions process. Security researchers analyzing the attack emphasized that implementing two-factor authentication could have mitigated the vulnerability exploited in the Slate system. No public evidence indicated whether ransom payments were made or whether stolen data was subsequently leaked. The incident highlighted cybersecurity risks in higher education admission systems and demonstrated attackers' shift toward directly extorting individuals rather than solely targeting institutions. Financial impacts included potential Bitcoin payments demanded from victims, while reputational consequences affected multiple selective colleges simultaneously.