Cyber Incident Victim: University of Alaska

Date: Jan 2018

Location: United States of America

Summary

The University of Alaska experienced unauthorized access to its UAOnline system and certain email accounts, compromising personal information including names, government-issued IDs, dates of birth, digital signatures, financial account details, health records, and student identification numbers, with some Social Security numbers affected. The breach occurred over a period of weeks, prompting immediate termination of unauthorized access, a forensic investigation, and security protocol upgrades. The institution notified impacted individuals, provided credit monitoring services, and established a dedicated support hotline while evaluating additional safeguards to protect sensitive data on its systems.

Description

In February 2018, the University of Alaska (UA) began receiving reports from users experiencing difficulties accessing their UAOnline accounts. The university promptly terminated the unauthorized access, initiated an investigation, and engaged third-party forensic experts to assess the incident's scope. The investigation revealed that an unauthorized third party had changed certain UAOnline account passwords. UA notified all affected UAOnline users in February 2018 and implemented enhanced security protocols for password changes. Following this, UA continued investigating the broader system intrusion, leading to the discovery on March 28, 2018, that unauthorized access to specific university email accounts had occurred between January 31 and February 15, 2018. The university expanded its investigation to include a comprehensive review of these email accounts, examining both programmatic and manual methods to identify protected information and affected individuals. This process required months of effort to determine the identity and contact details of those whose data might have been exposed. The initial UAOnline breach and subsequent email compromise were treated as interconnected incidents stemming from the same unauthorized system access campaign.

The compromised email accounts contained varying types of sensitive information depending on the individual, including names, government-issued identification numbers, dates of birth, digital signatures, driver's license numbers, usernames, passwords, financial account numbers, health and health insurance information, passport numbers, and UA student identification numbers. For some individuals, Social Security numbers were also present. Upon confirming the email account intrusions, UA worked with external experts to verify the incident's nature and scope while identifying potentially affected parties. The university notified these individuals through direct communications, offering access to credit monitoring services and protective resources. UA acknowledged existing security measures but committed to evaluating additional safeguards and reviewing policies to strengthen information protection. A dedicated toll-free hotline (866-783-5580) was established for inquiries, operational Monday through Friday during Pacific Standard Time, with additional information published on the university's website. The notification process included specific guidance for residents of North Carolina, Maryland, New Mexico, Rhode Island, and Massachusetts regarding their respective state laws and Attorney General contact information, though the exact number of affected Rhode Island residents remained unconfirmed at the time of disclosure.
