Cyber Incident Victim: Hamilton College

Date: Mar 2019

Location: United States of America

Summary

Applicants' data at Hamilton College and two other elite U.S. institutions was compromised by hackers exploiting a single-sign-on vulnerability in the Slate admissions system. Attackers sent ransom notes to prospective students, claiming unauthorized access to their admission files and demanding payments of up to one Bitcoin for the return of stolen information. The breach specifically targeted applicant records, with the colleges confirming receipt of extortion demands. Security researchers identified the incident as part of broader attacks exploiting authentication weaknesses in educational systems.

Description

In March 2019, Hamilton College, alongside Grinnell College and Oberlin College, experienced a data breach targeting prospective student applicants. Attackers sent ransom notes to applicants claiming unauthorized access to their admission files through the Slate system, a platform used by all three institutions for managing admissions processes. The perpetrators demanded payments of up to one Bitcoin, equivalent to approximately $3,800 at the time, in exchange for the return of stolen data. Grinnell College publicly confirmed that its applicants had received these extortion emails, though all affected colleges reported similar circumstances. The breach occurred through exploitation of a single-sign-on vulnerability inherent to the Slate system, which allowed attackers to bypass security measures without requiring additional authentication. No specific timeframe was provided for when the initial compromise occurred relative to the ransom communications.

The incident directly impacted applicants whose admission data was potentially exposed, though the exact number of affected individuals across the three colleges remained unspecified. Security researchers analyzing the breach highlighted the absence of two-factor authentication (2FA) as a critical vulnerability that facilitated unauthorized access. While the colleges acknowledged the ransom demands, no confirmation was provided regarding whether any payments were made or if data was actually exfiltrated beyond the attackers' access claims. The breach underscored systemic risks in centralized admissions platforms shared across multiple institutions, particularly when relying on single authentication mechanisms. Inside Higher Ed's reporting brought attention to the targeting of elite colleges through their third-party software dependencies, though forensic details about attacker identification or full scope remained undisclosed by the affected institutions.
