Cyber Incident Victim: Meridian Community College
Date: Sep 2019
Location: United States of America
Summary
Meridian Community College experienced a phishing incident that compromised user credentials, prompting an investigation with third-party forensic assistance. The probe revealed potential unauthorized access to employee email accounts, leading to a months-long manual review of emails and attachments to identify exposed personal information, which included names, Social Security numbers, driver’s license details, passport numbers, birthdates, credentials, medical data, and health insurance information. The institution subsequently undertook efforts to locate and notify affected individuals, concluding with a public disclosure of the breach. The incident underscored operational challenges tied to reviewing extensive email repositories for sensitive data exposure.
Description
Meridian Community College (MCC) discovered a phishing incident in late January 2019 that compromised certain user credentials. The college immediately initiated an investigation with assistance from a third-party forensics firm to assess the breach's scope. By April 12, 2019, investigators determined they could not rule out unauthorized access to specific employee email accounts. This finding prompted MCC to conduct a comprehensive manual review of all emails and attachments within the compromised accounts to identify potentially exposed personal information. The labor-intensive review process continued until June 25, 2019, when the college completed its examination of the affected email content. Following this three-month analysis, MCC began compiling contact information for individuals requiring notification. The institution publicly disclosed the incident through a press release on September 5, 2019, approximately eight months after initial detection. The extended timeline reflected the challenges of manually processing email account contents without definitive evidence confirming what specific data attackers accessed during the breach window.

The compromised information included various combinations of personal identifiers such as names, Social Security numbers, driver's license numbers, and passport numbers. Additional exposed data categories encompassed dates of birth, email credentials (usernames with passwords), medical treatment details, and health insurance information, though not all affected individuals had every data type compromised. The college's response required significant operational resources due to the volume of emails and attachments stored in the employee accounts under review. This extensive manual examination process contributed substantially to the seven-month gap between discovering the credential compromise and issuing public notifications. The incident highlighted the resource implications of maintaining large email repositories containing sensitive personal data, as investigators lacked conclusive evidence about which specific records were accessed during the unauthorized account activity.
