Cyber Incident Victim: Millersville University
Date: Feb 2021
Location: United States of America
Summary
Millersville University experienced an external cyber attack that disrupted operations, leading to the cancellation of in-person and virtual classes for two days. The institution indicated that personally identifiable information stored on the affected server was encrypted, potentially limiting unauthorized access to that data, though the security of the encryption key and the extent of attacker privileges remained unclear.
Description
On February 28, 2021, Millersville University confirmed it had experienced an external cyber attack targeting its network. The attack occurred on Sunday, February 28, prompting immediate operational disruptions that forced the cancellation of all in-person and virtual classes on the following two days, Monday and Tuesday. The university did not disclose the specific nature of the attack or the exact intrusion methods employed by the external threat actors. No details were provided regarding how the attack was detected, the duration of unauthorized access, or whether threat actors deployed malware, ransomware, or other malicious tools within the network. The incident caused significant academic disruption, affecting instructional continuity across the institution during the class cancellation period.

Millersville University indicated that personally identifiable information (PII) stored on the affected server was encrypted, raising hopes that this data might not have been compromised. However, the university acknowledged that the actual risk to PII depended on unresolved factors, including the storage location of the encryption keys and the level of system access or privileges obtained by the attackers during the breach. The institution did not specify whether forensic investigations confirmed or ruled out data exfiltration, nor did it disclose the types or volume of data residing on the compromised server. No information was released regarding containment measures, system restoration timelines, or whether law enforcement agencies were involved in the response. The public disclosure did not include details about attacker attribution, financial demands, or whether the incident involved ransomware or extortion attempts. Academic operations resumed after the two-day cancellation period, but the university did not provide updates on long-term security improvements or post-incident audits.
