Cyber Incident Victim: Daytona State College
Date: Feb 2017
Location: United States of America
Summary
Daytona State College experienced a cybersecurity incident involving unauthorized access to employee W-2 tax information, initially discovered when 2016 tax documents were identified for sale on the darknet. The institution launched an investigation after being alerted, with subsequent claims by a darknet vendor suggesting a system compromise rather than phishing, resulting in approximately 23 high-income employee records and additional lower-value W-2s being exfiltrated. While the exact scope and attack vector remained unconfirmed during initial reporting, the organization proactively notified affected individuals and regulatory authorities, emphasizing potential risks to sensitive tax data without definitive conclusions about system involvement or total impacted parties.
Description
On February 19, 2017, Daytona State College (DSC) was alerted by an external researcher that at least one employee’s 2016 W-2 tax statement was being sold on the darknet. The researcher had identified multiple W-2 documents from various organizations available for purchase and contacted DSC that same day to warn them about the potential exposure. DSC’s Chief Information Security Officer (CISO) initiated an investigation the following morning. Subsequent communications between the researcher and a darknet vendor revealed claims that the vendor had not obtained the documents through phishing but instead by hacking DSC’s systems, allegedly acquiring approximately 23 W-2 statements belonging to high-income employees along with additional lower-value records. DataBreaches.net later advised the college to investigate signs of a system intrusion rather than focusing solely on a phishing scenario, prompting DSC to broaden its forensic examination.

DSC issued a breach notification to the Montana Attorney General’s Office on March 6, 2017, acknowledging a potential security incident involving employee W-2 data. The college’s template letter, dated the same day it received the hacking theory recommendation, stated the investigation remained ongoing and had not yet confirmed the incident’s origin, scope, or full impact on systems and personnel. Despite these uncertainties, DSC proactively notified affected staff out of caution, advising them to monitor their financial accounts and providing guidance on protective measures. The notification emphasized that the college had not yet verified whether its systems were directly compromised or if the data exposure occurred through alternative means. DSC’s public communications did not disclose technical details about the suspected intrusion vector, forensic findings, or the exact number of impacted individuals beyond the vendor’s unverified claim of approximately 23 high-value records. The college’s response prioritized transparency about the unresolved investigation while urging vigilance among employees whose tax information might have been exposed.
