Cyber Incident Victim: University of Connecticut
Date:
Dec 2014
Location:
United States of America
Summary
The University of Connecticut was among several universities targeted by a hacker using the alias @MarxistAttorney, who publicly claimed responsibility for breaching their systems and dumping stolen data as proof. The compromised information reportedly included thousands of logins, employee IDs, and other sensitive data, with the attacker stating the intrusions were motivated by "lulz" and a desire to undermine institutional IT security. While some affected universities, such as Kentucky and Maryland, acknowledged the claims and initiated investigations, there was no public confirmation or denial from the institution itself regarding the breach's validity or impact. The incident highlighted broader concerns about inconsistent breach responses in the education sector and potential gaps in regulatory oversight.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early January 2015, the University of Connecticut was implicated in a multi-institution cyberattack claimed by the hacker using the alias @MarxistAttorney. The attacker publicly disclosed compromised data through Pastebin posts and their website (yourattorney.nl), listing UConn among six targeted educational institutions alongside California State University, University of Kentucky, University of Maryland, Coastal Carolina University, and Abertay University. Evidence supporting the intrusion claims included data dumps containing university credentials, though DataBreaches.net opted not to directly link to these materials. The hacker's initial statement cited motivations rooted in amusement ("lulz") and a desire to expose perceived deficiencies in institutional IT security practices, specifically mentioning possession of "thousands upon thousands of logins, employee ids, and various other sensitive information" intended for public release. While some institutions like the University of Kentucky promptly acknowledged investigating the claims upon media inquiry, UConn's administration did not provide public confirmation or denial of the breach when contacted by DataBreaches.net during the initial reporting period.
The incident revealed systemic challenges in breach verification within the education sector, as evidenced by Abertay University's discovery that their compromise originated from a separately hosted promotional website (daretobedigital.co.uk) rather than primary university systems. Forensic comparisons showed inconsistencies in attribution, with one dataset initially linked to California State University having been previously associated with a San Diego Zoo breach by another threat actor (#Op4Pawz). By January 8, 2015, four days after initial media notifications, only the University of Maryland had issued a generic statement confirming an investigation, while UConn's status remained unaddressed in public communications. The hacker's supplementary social media activity, including a retweet suggesting personal grievances against University of Maryland admissions decisions, introduced potential alternate motives despite their stated focus on entertainment value. No federal regulatory agency assumed investigative leadership for the breaches, reflecting ongoing jurisdictional ambiguities regarding educational institution data protection oversight at the time. The University of Connecticut's specific compromise scope, data types exfiltrated, and remediation actions were never formally disclosed in available documentation.