Cyber Incident Victim: Greenville Technical College
Date:
Aug 2020
Location:
United States of America
Summary
Greenville Technical College experienced a ransomware attack exploiting a VPN vulnerability, compromising servers and workstations. Threat actors claimed exfiltration of over 600 GB of sensitive data—including Social Security numbers, driver’s licenses, medical records, and financial details—posting employee financial documents as evidence. The institution maintained no personal data was affected, asserting recovery via backups without ransom payment, but attackers publicly disputed this, alleging widespread impact on staff and students while releasing additional compromised documents. The conflicting claims remained unresolved, with the college declining to revise its initial statements despite ongoing evidence of data exposure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late August 2020, Greenville Technical College in South Carolina experienced a ransomware attack involving the Avaddon threat actor group. Attackers exploited a vulnerability in the college’s virtual private network (VPN), compromising three servers and three workstation storage systems. The college detected the intrusion and opted not to pay the ransom demand, instead restoring operations by deleting encrypted data and reloading information from clean backups. A spokesperson confirmed this recovery method to *Greenville News*, asserting no personal data was affected and the public faced no impact. The attackers, however, publicly listed the college on their leak site by early September 2020, contradicting these claims and demanding payment before a September 4 deadline. They alleged exfiltration of over 600 GB of sensitive data, including Social Security numbers, driver’s license details, medical records, banking information, and applications belonging to students and employees. As evidence, they released financial documents tied to the college president, his wife, and the vice president for finance.
Following the college’s public denial of data compromise, Avaddon escalated its claims on September 8, 2025, posting additional employee financial records and directly refuting the institution’s statements on their leak site. They declared the breach impacted all staff and students, accusing the college of misleading stakeholders. DataBreaches.net attempted to verify these conflicting narratives through multiple inquiries but received no substantive response from the college beyond its initial statement and a subsequent "no update" acknowledgment on September 8. The incident’s full scope remained unresolved, with confirmed evidence limited to the leaked financial documents. No further details emerged regarding the vulnerability’s nature, ransom amount, or independent verification of data exposure claims. The college maintained its position regarding data integrity despite the threat actors’ persistent assertions of widespread data theft.