Cyber Incident Victim: University of Washington

Date: Jan 2015

Location: United States of America

Summary

A University of Washington server hosting multiple websites was compromised, resulting in the defacement of several sites including enrollment and faculty pages. The attacker replaced content with an extremist message threatening Americans in Iraq, attributed to the Moroccan Islamic Union-Mail hacker group known for targeting U.S. Jewish websites. The institution took the affected sites offline, initiated an investigation, and worked to restore services while confirming no broader network impact occurred.

Description

On January 29, 2015, the University of Washington discovered that several of its websites hosted on a specific server had been compromised and defaced. The incident was identified early that morning, with hackers replacing legitimate content on affected sites—including enrollment.washington.edu and personnel pages under faculty.washington.edu—with an extremist message. The defaced pages displayed an image of a cross and an American flag accompanied by text threatening death to Americans in Iraq at the hands of Mujahideen fighters. A signature attributed to the Moroccan Islamic Union-Mail, a hacker group with a history of targeting U.S.-based Jewish websites, appeared below the message. The group publicly claimed responsibility for the attack in a Facebook post, asserting they had breached four UW sites. University officials, including Associate Director of Technical Services Matt Saavedra, confirmed the server breach and characterized the incident as website defacement.

The university responded by taking all affected websites offline by the afternoon of January 29. Technical staff isolated and removed the compromised server from the network, confirming that no other university systems were breached. UW Director of News and Information Victor Balta issued a statement acknowledging the defacement and confirming ongoing efforts to restore the impacted sites. An investigation into the incident was initiated to determine the extent of the intrusion and identify vulnerabilities. The enrollment.washington.edu site, which served as an informational resource for enrollment management operations, remained inaccessible during restoration efforts. No data theft or secondary disruptions beyond the defacement were reported in the immediate aftermath. University communications emphasized containment of the incident to the single server and did not disclose further technical details about the attack vector or restoration timeline.
