Cyber Incident Victim: Bradley University
Date: Mar 2015
Location: United States of America
Summary
A data breach at Bradley University compromised staff and faculty personal information, enabling perpetrators to steal over $770,000 through fraudulent tax returns and prepaid debit card schemes. The intrusion was attributed to malware, potentially via phishing emails that harvested credentials to access sensitive data. Affected individuals experienced identity theft, including blocked tax filings and prolonged refund processes requiring reports to law enforcement and credit bureaus. The institution provided complimentary identity protection subscriptions, though some criticized this approach as inadequate and burdensome, advocating instead for permanent credit freezes. The university did not communicate subsequent cybersecurity improvements to victims, citing an ongoing federal investigation as restricting further commentary on the incident.
Description
In March 2015, Bradley University experienced a data breach targeting its data warehouse containing personal information of staff and faculty. Chicago resident Gdadebo Adebiyi accessed the system and stole over $770,000 through a fraud scheme involving third-party prepaid debit cards and money order purchases. The university initially attributed the incident to computer malware in a campus-wide email notification, with information security professor Jacob Young suggesting phishing emails with malicious attachments could have compromised credentials to enable unauthorized access. Adebiyi pleaded guilty to one count of conspiracy to commit mail fraud on February 6, 2017, as confirmed by the U.S. District Attorney’s Office of Central Illinois. The breach specifically exposed sensitive employee data that facilitated identity theft-related crimes, though the university did not publicly disclose technical details about the intrusion method or specific systems affected beyond referencing malware as the initial cause.

Victims reported significant financial and administrative consequences from the stolen data. Accounting professor Simon Petravick discovered his taxpayer ID had been fraudulently used when filing his 2015 taxes, requiring him to submit reports to the IRS, Peoria Police Department, and credit bureaus while waiting nearly a year to receive his tax refund. Finance professor Bill Funkhouser criticized Bradley’s post-breach response of offering one-year Lifelock subscriptions, noting this placed monitoring burdens on employees and created potential costs if victims renewed unnecessary subscriptions. Funkhouser advocated for credit security freezes as a more effective, permanent solution costing $10 per individual. Both professors stated Bradley had not communicated any specific cybersecurity policy changes implemented to prevent future breaches following the incident. University Director of System Integration and Security David Scuffham cited an ongoing FBI investigation as preventing further public comment while emphasizing continuous cybersecurity improvements as part of institutional strategy. The university maintained this position despite victim concerns about inadequate follow-up measures.
