
Cyber Incident Victim: Grinnell College

Date:

Mar 2019

Location:

United States of America

Summary

Prospective students at Grinnell College received ransom emails after attackers exploited a single-sign-on vulnerability in the institution's Slate admissions system, compromising applicant data. The perpetrators demanded payment of up to one Bitcoin to prevent unauthorized disclosure of stolen admission files. This incident, which also affected two other elite U.S. colleges, involved claims of unauthorized access to sensitive applicant information through the exploited system vulnerability. Security researchers subsequently emphasized the critical need for robust authentication measures to mitigate such breaches.


Description

In March 2019, Grinnell College, along with Hamilton College and Oberlin College, experienced a cybersecurity incident involving unauthorized access to applicant data. Attackers sent ransom notes to prospective students via email, claiming they had breached admission files and demanding payment in Bitcoin to prevent exposure of the stolen information or to have it returned. Grinnell College publicly confirmed these communications, acknowledging that external parties had targeted its admissions systems. The attackers exploited a vulnerability in the Slate platform, a single-sign-on system used by all three institutions for managing applicant information. Security researchers identified the breach vector as a weakness in the authentication process, though specific technical details of the exploit were not disclosed in available reports. The colleges received ransom demands of up to one Bitcoin, equivalent to approximately $3,800 at the time. No evidence confirmed whether any institution or individual paid the ransom. The incident occurred amid broader concerns about Chinese state-sponsored hackers targeting 26 research institutions for maritime technology theft, though no direct connection was established between these campaigns and the college admissions breaches.

The attack specifically compromised prospective student data within the Slate system, though the exact number of affected applicants at Grinnell remained undisclosed. All three colleges collaborated in investigating the breach and notifying impacted individuals about the ransom threats. While operational disruptions to admissions processes were not reported, the incident raised concerns about the security of third-party educational platforms. Technology infrastructure teams at the institutions worked to address the single-sign-on vulnerability, though specific remediation steps taken by Grinnell were not detailed publicly. Security analysts emphasized that implementing two-factor authentication could have mitigated such exploitation, based on the attack methodology described. The financial motivation differentiated this incident from contemporaneous intellectual property theft campaigns targeting academic research. No subsequent data leaks or follow-up threats were documented in relation to the initial ransom demands.
