
Cyber Incident Victim: Lee University

Date: Mar 2024

Location: United States of America

Summary

Lee University experienced a cybersecurity breach involving suspected ransomware activity attributed to the Medusa group, prompting immediate containment measures by its IT team with external support. While academic operations continued without major disruption, some students reported temporary inconveniences such as seeking alternative Wi-Fi access. The attackers typically impose a 7-10 day deadline before threatening to release stolen data, though the specific nature and full impact of the incident remain under investigation. The institution notified affected individuals and emphasized ongoing efforts to secure its systems, with experts noting that organizational consequences may outweigh direct risks to individual stakeholders.

Description

Lee University in Bradley County, Tennessee, identified a potential security incident early on March 22, 2024. The university’s IT department, assisted by external resources, implemented immediate containment measures to secure its environment while allowing classes to proceed without disruption. Initial university communications confirmed the investigation remained ongoing, with no public disclosure of the incident’s nature or scope. By March 22, cybersecurity expert Ron Fabela linked the event to a ransomware group called Medusa, which had posted a notification about the attack. Fabela stated Medusa typically imposes a 7-10 day deadline before threatening to release stolen data publicly, though no specific ransom demand or data type was confirmed. Students reported receiving breach notifications from the university, with some expressing concerns about personal information security. Operational disruptions included intermittent Wi-Fi outages, forcing students like Rebekah Lee to seek alternative internet access at coffee shops.

The university maintained that academic activities continued normally despite these technical inconveniences. Kaden Pennertz, a student, noted the incident’s prolonged duration compared to prior security events at the institution. Fabela emphasized that the attack’s primary motive was financial extortion and that the risks were greater for the organization than for individuals, though definitive impacts remained unverified pending Medusa’s potential data release. As of the latest reports, the investigation had not revealed whether data exfiltration occurred or whether the university negotiated with the threat actors. Lee University’s spokesperson, Kendra Grant, reiterated the containment of the suspected incident but declined to elaborate on forensic findings or mitigation steps. The situation remained unresolved, with Fabela indicating the full consequences would depend on whether Medusa followed through on its data disclosure threat after the countdown expired.
