Date: Oct 2016

Location: United States of America

Summary

A hacker group identifying as SCUWatch leaked internal documents from the University of Santa Clara's Office of Marketing and Communications, exposing crisis management plans, institutional social media strategies, and personal contact details of senior administrators. The attackers emailed the stolen materials to a campus newspaper, attributing the compromise to inadequate password security practices rather than a technical breach of university systems or network defenses.

Description

On October 17, 2016, an anonymous entity identifying as SCUWatch executed a data leak targeting Santa Clara University's Office of Marketing and Communications (OMC). The attacker emailed a folder labeled "OMC_Leak", containing internal OMC documents, to The Santa Clara campus newspaper. The compromised materials included crisis management plans outlining institutional response protocols for emergencies, university social media strategies detailing engagement tactics and platform management, and personal contact information for senior administrators, such as phone numbers and email addresses. This marked the second cybersecurity incident involving SCUWatch that month, following an earlier leak of athletics department documents. The breach exposed operational vulnerabilities in the university's non-technical security practices rather than in its technological infrastructure.

University spokesperson Deepa Arora confirmed the incident's occurrence but deferred detailed comment pending investigation. Chief Information Officer Michael Owen attributed both the OMC and athletics leaks to inadequate password management practices by personnel, explicitly ruling out external system breaches or firewall compromises. The exposure of crisis management plans potentially weakened the university's ability to respond effectively to future emergencies by revealing predefined strategies. Disclosure of administrators' personal contact information raised concerns about potential harassment or social engineering attacks targeting leadership. No evidence suggested financial data theft or academic record compromise. The incident underscored institutional reliance on individual password hygiene as a security control, with no immediate public disclosure of remedial actions beyond Owen's assessment of the root cause.
