Cyber Incident Victim: University of Maryland, College Park

The University of Maryland, College Park, disclosed a cybersecurity breach on March 20, 2014, marking the second such incident within months. University officials confirmed the breach compromised the personal information of one senior university official, with the institution learning of the incident on the preceding Saturday. Ann G. Wylie, chair of a newly formed cybersecurity task force, notified the campus community that this attack was unrelated to a prior breach disclosed in February 2014, which had exposed data belonging to hundreds of thousands of students, staff, and alumni. No technical details regarding the attack vector, scope of accessed systems, or identity of threat actors were disclosed in the announcement. The university did not specify whether the compromised data included sensitive identifiers such as Social Security numbers or financial records in this most recent incident.

The announcement highlighted ongoing cybersecurity challenges facing the institution following the earlier large-scale breach. Wylie’s communication did not describe containment measures or forensic findings related to the latest breach but emphasized the establishment of the task force to address systemic vulnerabilities. The repeated incidents underscored operational risks to institutional data, though no further details about disruptions to university functions or specific mitigation steps were provided. The university did not disclose whether law enforcement was investigating the breach or if affected individuals received notification beyond the senior official referenced. The brevity of the announcement contrasted with the scale of the preceding breach, leaving broader implications for institutional security posture unaddressed in public reporting.