Cyber Incident Victim: University of Maryland, College Park
Date:
Dec 2014
Location:
United States of America
Summary
A hacker using the alias @MarxistAttorney breached multiple universities, including the University of Maryland, and publicly dumped stolen data containing logins, employee IDs, and other sensitive information. The attacker claimed the intrusions were motivated by "lulz" and aimed to undermine institutional IT security teams. The institution acknowledged the incident and initiated an investigation, though specific details about the compromised systems or data scope were not disclosed. The hacker's activities were linked to broader targeting of educational entities, with some speculation about a potential grievance related to university admissions, though no direct evidence confirmed this motive. Other affected institutions similarly investigated the claims, with one confirming a breach of a satellite promotional site.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early January 2015, an individual or group using the alias "@MarxistAttorney" claimed responsibility for hacking multiple universities, including the University of Maryland, College Park. The hacker publicly disclosed data dumps purportedly containing compromised information from these institutions through Pastebin and their personal website (yourattorney.nl), though the specific nature and scope of the stolen data from Maryland were not detailed in available reports. Alongside Maryland, the hacker listed California State University, University of Kentucky, University of Connecticut, Coastal Carolina University, Abertay University, and later Fordham University as targets. Initial verification efforts by DataBreaches.net found no prior public postings of the Maryland-related data, though one dataset misattributed to California State University had previously been linked to a San Diego Zoo breach. The University of Maryland was notified of the claims on January 4, 2015, but did not immediately confirm or deny the breach.
@MarxistAttorney stated their motivation was "the sole pleasure of the 'lulz'" and aimed to publicize stolen data—including "thousands upon thousands of logins, employee ids, and various other sensitive information"—to undermine the targeted universities' IT teams. A December 2014 tweet from the unrelated account @teamcarbonic suggested a potential grievance against the University of Maryland, referencing an apparent admission rejection, though no direct collaboration or motive was confirmed between the accounts. The University of Maryland acknowledged the incident four days after initial media inquiries, issuing a brief statement on January 8, 2015, confirming an investigation was underway. No further details regarding the investigation's findings, remediation efforts, or confirmed data exposure were disclosed in the available source material. Other affected institutions, such as Abertay University, attributed compromises to third-party satellite sites rather than core systems, but Maryland did not publicly clarify whether its breach involved primary infrastructure or auxiliary services. The incident highlighted broader concerns about inconsistent federal oversight of educational sector breaches, as noted by the article’s commentary on the FTC’s limited enforcement authority.