Cyber Incident Victim: University of Kentucky

Date: Dec 2014

Location: United States of America

Summary

The University of Kentucky was among several educational institutions targeted by a hacker using the alias @MarxistAttorney, who publicly claimed responsibility for breaching their systems and released data dumps as proof. The university acknowledged the incident and initiated an investigation into the alleged compromise. The attacker stated the intrusions were motivated by personal amusement and aimed to undermine institutional IT security by publishing sensitive information, including login credentials and employee identifiers. While the specific scope of data exposed at the university remained unconfirmed, the incident highlighted systemic vulnerabilities in academic sector cybersecurity.

Description

On January 4, 2015, the pseudonymous hacker @MarxistAttorney claimed responsibility for breaching multiple universities, including the University of Kentucky, in a Pastebin post accompanied by data dumps purportedly containing stolen information. The hacker listed compromised institutions alongside proof-of-concept data releases, which included logins, employee IDs, and other sensitive records allegedly extracted from university systems. DataBreaches.net contacted the affected universities for verification, with the University of Kentucky confirming receipt of the inquiry and initiating an investigation into the claims on the same day. @MarxistAttorney’s website hosted additional data dumps, though direct links to these were withheld by reporters. The attacker cited "lulz" as their primary motivation in an emailed statement, emphasizing their intent to publicly expose the data to embarrass institutional IT teams. No specifics regarding the exact scope of the University of Kentucky breach, such as the number of records exfiltrated or the precise systems compromised, were disclosed in the available reports.

The University of Kentucky did not provide further public updates beyond its initial acknowledgment of the investigation, unlike Abertay University, which clarified that its breach involved a third-party promotional site unrelated to core systems. By January 8, 2015, the University of Maryland had also confirmed it was investigating the incident, though the University of Kentucky’s status remained unresolved in subsequent reporting. Federal agencies were noted to lack consistent oversight of educational sector breaches, with the FTC’s authority over nonprofit institutions remaining unclear. No evidence emerged in the source material confirming whether the University of Kentucky’s investigation substantiated the breach claims, identified attack vectors, or notified affected individuals. The incident highlighted broader challenges in verifying and responding to breaches involving multiple institutions targeted by a single threat actor.
