Cyber Incident Victim: California State University
Date:
Dec 2014
Location:
United States of America
Summary
California State University was among several institutions targeted by a hacker using the alias @MarxistAttorney, who publicly disclosed stolen data including logins, employee IDs, and other sensitive information. The attacker claimed the breaches were motivated by amusement and a desire to expose perceived IT security failures, though the university did not publicly confirm the incident's validity at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early January 2015, an individual or group using the alias @MarxistAttorney claimed responsibility for hacking multiple universities, including California State University, the University of Kentucky, the University of Connecticut, the University of Maryland, Coastal Carolina University, and Abertay University. The attacker published data dumps on Pastebin as proof of compromise, though specific contents were not detailed in public reports beyond references to "thousands upon thousands of logins, employee ids, and various other sensitive information." DataBreaches.net contacted all affected institutions for verification but initially received only a confirmation from the University of Kentucky that they were investigating. The hacker’s website linked to additional data repositories, though journalists refrained from sharing direct links to the leaked material. In a statement emailed to DataBreaches.net and posted on Pastebin, @MarxistAttorney cited "lulz" (amusement) and a desire to embarrass institutional IT teams as primary motivations, denying any specific grievances beyond general opportunism. Abertay University later clarified that compromised data originated from a separately hosted promotional site (daretobedigital.co.uk) for a competition, not their primary academic systems. The University of Maryland acknowledged the incident four days after notification, stating they were investigating but providing no further details.
The incident highlighted systemic challenges in breach verification and response within the education sector. No federal agency had asserted jurisdiction over such breaches at the time, with the FTC citing limitations in authority over non-profits under Section 5 of the FTC Act. Fordham University, not originally named in @MarxistAttorney’s claims, proactively submitted a statement via article comments after discovering its inclusion on #TeamCarbonic’s website—an affiliated entity referenced in the hacker’s greeting. DataBreaches.net noted inconsistencies in attribution, including one dataset mislabeled as California State University data that had previously circulated as a purported San Diego Zoo breach by another group (#Op4Pawz). Most institutions did not confirm the legitimacy or scope of the dumped data, leaving uncertainty regarding the exposure of financial records or other high-risk information. The attacker did not respond to follow-up inquiries about specific targeting criteria, and no additional technical details about intrusion methods or data exfiltration timelines were disclosed by victims or investigators.