Cyber Incident Victim: University of Northern Colorado

On or around February 5, 2018, the University of Northern Colorado disclosed a cybersecurity breach involving unauthorized access to the personal information of 12 employees. According to university spokesman Nate Haas, an unknown individual or group compromised employee accounts on Ursa, UNC’s online portal. The attackers attempted to log into the targeted accounts before exploiting the employees’ Social Security numbers to reset passwords and gain full access. Once inside the system, the perpetrators downloaded electronic W2 tax forms containing sensitive financial data. UNC officials indicated the Social Security numbers used in the attack were likely obtained from sources external to the university’s systems, though the specific origin remained unidentified. The breach occurred the preceding week, with the university issuing a public statement upon confirming the incident. No evidence suggested broader system infiltration beyond the compromised employee accounts.

The incident directly impacted 12 university employees whose personally identifiable information and tax documents were exfiltrated. UNC’s response included public notification through an official release detailing the breach mechanism and confirmed scope. The university emphasized that the attackers leveraged pre-acquired Social Security numbers to facilitate credential resets rather than exploiting a vulnerability in Ursa’s infrastructure. No information was disclosed regarding mitigation steps for affected employees or whether law enforcement was engaged. The breach highlighted risks associated with external exposure of sensitive identifiers like Social Security numbers, which enabled subsequent unauthorized access to institutional systems. UNC did not report additional consequences such as financial fraud or secondary data misuse stemming from the incident.