Cyber Incident Victim: East Central University

Date: Feb 2024

Location: United States of America

Summary

East Central University experienced a cyber-attack where threat actors compromised campus computers, attempting data theft, encryption, and extortion without disrupting critical services. ECU engaged a third-party cybersecurity team to contain the incident, reset passwords, evaluate systems, and implement response protocols. While forensic analysis found no evidence of data exfiltration, investigators later identified potential unauthorized access to names and Social Security numbers. The university established dedicated communication channels, including a webpage and contact points, to provide updates and address concerns as the scope of impacted data remains under review.


Description

On February 16, 2024, East Central University experienced a directed cyberattack by an international criminal group targeting campus systems. The attackers compromised multiple university servers and encrypted data stored on them but failed to disrupt ECU’s critical operational services such as Microsoft Office, Blackboard, and Colleague. ECU’s IT department detected the intrusion impacting shared drives and immediately engaged a third-party cybersecurity response team to assist with containment and recovery efforts. Collaborative forensic work began within hours to determine the attack’s scope, deploy countermeasures, gather evidence, and restore network visibility. Initial mitigation actions included system-wide password resets, evaluation of critical infrastructure integrity, and formulation of an incident response strategy. By February 27, ECU confirmed ongoing analysis with external experts while assuring the campus community that core applications remained functional for daily use.

The university issued its first formal notification to faculty and staff on March 1, revealing the criminal group’s encryption of server data and involvement of law enforcement agencies including the FBI. Although no evidence confirmed data exfiltration at this stage, ECU scheduled mandatory in-person town hall meetings for March 4 to address concerns, supplemented by a dedicated webpage and FAQ resource. Subsequent communications on March 4 and April 2 emphasized reporting protocols for incident-related inquiries and reiterated the importance of vigilance regarding potentially exposed information. By April 9, ECU disclosed that forensic reviews indicated possible unauthorized access to names and Social Security numbers despite lacking confirmation of actual theft or misuse. The full scope of compromised data remained under investigation with no timeline for resolution. Throughout the response, ECU maintained centralized updates via email ([email protected]), phone support (580-559-5967), and its incident-specific webpage while directing individuals to IdentityTheft.gov for protective guidance.
