
Cyber Incident Victim: University of Kashmir

Date: Aug 2022

Location: India

Summary

A data breach at the University of Kashmir compromised personal information of over one million students and employees, with the exposed dataset subsequently listed for sale on a publicly accessible hacking forum for $250. The actor "ViktorLustig" advertised the institution's database on both dark web and clear net platforms, which broadened access to the listing even though content removed from one channel could be removed from the other in sync. The incident involved sensitive academic and employment records being monetized at a low price point, reflecting significant exposure of institutional data.


Description

In August 2022, the University of Kashmir suffered a significant data breach compromising the personal information of over one million students and employees. The stolen database appeared for sale on a hacking forum on or before August 10, advertised under the alias "ViktorLustig" – a pseudonym referencing the notorious fraudster who famously sold the Eiffel Tower in a historical scam. The attacker priced the entire dataset at $250, making it accessible to potential buyers through both dark web (Tor) and clear net versions of the forum. This dual accessibility heightened exposure risks, as the clear net presence allowed broader visibility beyond typical dark web users. While the forum maintained synchronization between its Tor and clear net listings, ensuring removal from one would delete it from both, the initial exposure period created a window for unrestricted access. The breach announcement originated from media reports citing the Kashmir Observer, though specific technical details regarding intrusion methods, data exfiltration timelines, or compromised systems remained undisclosed in available sources.

The incident's primary impact stemmed from the scale of exposed personal data, affecting a substantial portion of the university community without immediate clarity on specific data fields involved. The attacker's choice to market the data on a mainstream-accessible platform increased potential misuse risks, including identity theft and phishing campaigns targeting affected individuals. No verified claims emerged regarding actual data purchases or secondary distribution following the initial listing. University officials did not release public statements addressing breach containment, forensic investigations, or mitigation efforts for affected parties within the reported timeline. The absence of technical remediation details or victim notification processes in source material left the operational response undefined. Persistent accessibility concerns lingered due to the forum's architecture, though synchronized removal mechanisms could have curtailed prolonged exposure if activated.
