Cyber Incident Victim: University of California, Irvine

Date: Feb 2014

Location: United States of America

Summary

A cybersecurity incident at the University of California, Irvine involved keylogger malware compromising three Student Health Center computers for approximately six weeks, potentially exposing unencrypted personal information of over 1,800 students and 23 non-students. The compromised data included names, contact details, student and patient IDs, health insurance policy numbers, banking information related to payments, medical procedure codes, and diagnostic information. The affected systems were removed from the network, employee passwords were reset, and law enforcement was notified. Security measures were enhanced through expanded campus-wide reviews and upgraded anti-virus protections, while impacted individuals received notifications and free monitoring services, with no evidence of fraudulent data use identified.

Description

On May 15, 2014, the University of California, Irvine disclosed that keylogger malware had infected three computers at its Student Health Center (SHC), potentially compromising the personal information of 1,813 students and 23 non-students. The malware remained undetected on the systems for approximately six weeks before discovery. Exposed data included names, addresses, phone numbers, student ID numbers, non-student patient ID numbers, health and dental insurance policy IDs, bank names, check numbers used for payments, payment amounts received by SHC, medical procedure codes (Current Procedural Terminology), and diagnostic codes (ICD-9). The compromised computers processed unencrypted sensitive information during clinical operations. University officials confirmed the malware was designed to capture keystrokes but stated they had no evidence that harvested data had been misused for fraudulent purposes.

Upon detecting the infection, UC Irvine immediately removed all three affected computers from the network and initiated a forensic investigation. SHC employees were mandated to reset their system passwords as a precautionary measure. The university filed a report with law enforcement agencies and expanded existing campus-wide data security reviews, specifically enhancing SHC computer defenses with upgraded anti-virus and additional security software. Impacted individuals received breach notifications by mail and were offered complimentary credit monitoring services for one year. The university maintained ongoing investigation efforts to determine the malware's origin and full scope of data access while reinforcing institutional cybersecurity protocols across health center operations.
