Cyber Incident Victim: University of Vermont
Date: May 2018
Location: United States of America
Summary
A cybersecurity incident at the University of Vermont involved unauthorized access to its NetID portal, which provided access to campus email, class registration, grades, and other services. The breach potentially exposed usernames and passwords of approximately 37,000 current and former faculty, staff, and students, though officials stated no evidence indicated personal information had been misused. The intrusion raised concerns about possible malicious use of compromised credentials, prompting notifications to affected users about the security compromise.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
On or around May 23, 2018, the University of Vermont (UVM) experienced a cybersecurity incident involving unauthorized access to its NetID portal. This system served as a central authentication point for campus services, including email access, class registration platforms, and systems for viewing final grades. UVM officials publicly disclosed the breach on Wednesday, May 23, through notifications sent directly to affected individuals. The university characterized the event as an "intrusion" that compromised usernames and passwords associated with NetID accounts. While the specific method of attack and timeline of unauthorized access were not detailed in public communications, the compromise created potential pathways for malicious actors to exploit legitimate credentials across university systems.

The incident impacted approximately 37,000 current and former faculty members, staff, and students whose NetID credentials were exposed. UVM's notification emphasized the risk that stolen usernames and passwords could be misused to access institutional resources tied to the portal. Despite this acknowledged vulnerability, university officials stated they had no evidence indicating that personal information had been acquired or misused by unauthorized parties following the breach. The university did not specify whether multi-factor authentication was in place at the time of the intrusion or detail technical containment measures undertaken beyond the issuance of breach notifications. No further public updates regarding forensic findings or long-term consequences were referenced in the immediate disclosure.
