Cyber Incident Victim: College of Eastern Idaho
Date: Jul 2018
Location: United States of America
Summary
College of Eastern Idaho experienced unauthorized access to four employee email accounts following a phishing attack, discovered through suspicious email activity that prompted an internal investigation assisted by third-party forensic experts. The breach potentially compromised personal information, leading the institution to notify affected individuals and offer complimentary credit monitoring services to mitigate risks of identity theft or fraud.
Description
On September 5, 2018, the College of Eastern Idaho (CEI), formerly known as Eastern Idaho Technical College, detected suspicious email activity within an employee’s email account. The institution immediately initiated an internal investigation supported by third-party forensic investigators to determine the nature and scope of the incident. The investigation confirmed unauthorized access to four employee email accounts, with the intrusion period spanning from July 14, 2018, to September 12, 2018. The breach window indicated prolonged attacker presence within the compromised accounts over nearly two months. CEI did not publicly disclose the exact mechanism of initial access or specific attacker tactics within the notification template submitted to the Montana Attorney General’s Office. The incident represented a compromise of institutional email systems, though the notification did not specify whether student or employee data repositories beyond the email accounts were accessed.

CEI formally confirmed the security incident by October 11, 2018, following the forensic review. The college notified potentially affected individuals through a standardized breach disclosure template, though the notification did not quantify the number of impacted persons or characterize the types of exposed personal information. CEI offered complimentary credit monitoring and identity theft protection services to individuals whose data may have been accessed during the unauthorized email account activity. The institution’s response included no public description of technical containment measures such as password resets, access revocation, or enhanced email security protocols. The breach notification emphasized CEI’s engagement of third-party forensic specialists but omitted specifics regarding system remediation, policy changes, or employee retraining implemented post-incident. No ransomware deployment, data exfiltration claims, or financial motives were cited in the available notification documentation.
