Cyber Incident Victim: University of Kentucky
Date: Jan 2015
Location: United States of America
Summary
The University of Kentucky was among several universities targeted in a hack claimed by the actor @MarxistAttorney, who publicly dumped allegedly stolen data as proof of compromise. The attacker stated the intrusions were motivated by "lulz" and aimed to expose institutional IT failures, though no specific grievances against the university were detailed. The compromised data reportedly included logins, employee IDs, and other sensitive information. The institution acknowledged the claims and initiated an investigation but did not confirm the breach's validity at the time of reporting. Other affected universities similarly investigated the incidents, with one confirming a breach of a separate promotional site. Federal oversight gaps in educational sector breaches were noted as a systemic concern.
Description
In early January 2015, an individual or group using the alias "@MarxistAttorney" publicly claimed responsibility for hacking multiple universities, including the University of Kentucky. The attacker announced the breaches through a Pastebin post dated January 3, 2015, accompanied by data dumps purportedly containing evidence of compromised information from each institution. While DataBreaches.net did not directly link to the leaked data, it confirmed the existence of these dumps and noted they appeared unique based on preliminary Google searches, with no prior public postings detected for most datasets. The University of Kentucky was among six named targets, alongside California State University, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University. Upon being notified by DataBreaches.net on January 4, the University of Kentucky promptly acknowledged the inquiry and initiated an internal investigation into the alleged breach but did not immediately confirm or deny the compromise. No specifics regarding the nature or scope of potentially exposed data at Kentucky were disclosed publicly during the initial response period.

The attacker, operating through a website (yourattorney.nl) and Twitter account, stated their motivation was "the sole pleasure of the 'lulz'" and aimed to "undermine the idiots at the IT Team" by publicizing stolen data. This rationale was provided via email to DataBreaches.net and mirrored in a subsequent Pastebin statement. While the University of Maryland's inclusion was speculated to relate to a prior rejection grievance hinted at in social media posts by affiliated account @teamcarbonic, no specific motive was cited for targeting Kentucky. By January 8, 2015, only Abertay University and Maryland had issued follow-up statements—Abertay attributing its breach to a compromised satellite competition website—while Kentucky maintained its investigation status without further public updates. The incident highlighted broader systemic vulnerabilities in the education sector, with the article noting inadequate federal oversight due to jurisdictional ambiguities between the FTC and nonprofit institutions despite potential financial data exposures.
