Cyber Incident Victim: Verizon

On January 3, 2022, Martin University in Indianapolis experienced a ransomware attack that disrupted its operations and triggered an investigation. The university immediately initiated response protocols to assess the scope and impact of the incident. Forensic analysis focused on determining whether threat actors accessed or exfiltrated files containing personal information during the attack. Despite extensive investigation efforts, the university could not conclusively establish whether unauthorized parties actually viewed or acquired sensitive data. This uncertainty stemmed from the nature of ransomware attacks, which often obscure evidence of data access through encryption and obfuscation techniques. The investigation remained ongoing for several months as the institution worked to reconstruct events and evaluate potential data exposure risks.

In response to the unresolved data access question, Martin University implemented precautionary notifications in May 2022. The institution alerted current and former students, along with prospective students who had interactions with the university between January 2017 and January 2022. Recognizing potential gaps in their notification process, the university established a dedicated phone line (1-800-939-4170) for individuals within this timeframe who did not receive direct notice, offering complimentary identity protection services enrollment. While the university's press release directed affected parties to its website for additional information, no public notice regarding the incident was visible on the site at the time of external reporting on May 26, 2022. The notification strategy reflected the institution's precautionary approach given the investigation's inconclusive findings regarding personal information compromise.