
Cyber Incident Victim: University of Maryland, College Park

Date: Aug 2013

Location: United States of America

Summary

California State University's East Bay campus suffered a data breach affecting a web server that stored employee information and extended learning course data. An unauthorized individual accessed and copied a file containing full names, addresses, and Social Security numbers, along with birth dates in some cases. The breach went undetected for a year and affected thousands of individuals. The university's information security team discovered and disclosed the incident, notifying affected employees.


Description

The incident at California State University, East Bay involved unauthorized access to a university web server storing employee and extended learning course information. On August 11, 2014, the university's information security team discovered that an unknown individual had breached the server nearly one year earlier on August 23, 2013. Subsequent investigation revealed the attacker used malicious software to copy a data file containing personally identifiable information. The compromised records included full names, addresses, and Social Security numbers for 6,036 individuals, with birth dates exposed for 508 of those affected. University officials confirmed the server stored employment transaction records and some extended learning program data, though the breach remained undetected for approximately twelve months between initial intrusion and discovery.

Upon identifying the breach, CSU East Bay initiated an investigation to determine the scope and nature of the incident. The university submitted a template of its notification letter to California's Attorney General as required by state law, disclosing the types of compromised data and the timeline of events. Officials did not specify whether the malicious tool enabled persistent access or whether other servers were involved in the breach. The one-year gap between intrusion and detection indicates that security monitoring systems failed to identify the unauthorized access during that period. No information was provided regarding containment measures, system remediation, or whether law enforcement agencies were engaged following the discovery. The breach exposed affected individuals to potential identity theft risks due to the sensitive nature of the stolen Social Security numbers and birth dates.
