Cyber Incident Victim: Wichita State University

Wichita State University experienced unauthorized access to a computer server used for student and employee web portals between December 3 and December 5, 2019. The institution discovered this security incident in December 2019 and immediately secured the compromised server. They engaged a computer forensic firm to investigate the breach's scope and impact. The forensic investigation confirmed the attacker's access window spanned three days in early December. While the specific intrusion method wasn't publicly disclosed, the university's subsequent staff re-education efforts suggest potential human factors may have contributed to the breach.

The investigation revealed that the accessed server contained a historical database with sensitive personal information. On January 13, 2020, WSU confirmed the compromised data included names, email addresses, dates of birth, and Social Security numbers belonging to 1,762 Iowa residents. Notification letters were mailed to affected individuals beginning March 6, 2020, in compliance with Iowa's breach notification laws. This incident marked the second significant cybersecurity event for the university in 2019, following an earlier phishing attack that had compromised employee paychecks. The breach response involved coordinated efforts between university IT staff, external legal counsel, and forensic investigators to contain the incident and assess its impact.