Menu
Browse

Cyber Incident Victim: University of Connecticut

Date:

Sep 2013

Location:

United States of America

Summary

A cybersecurity breach at the University of Connecticut's School of Engineering involved unauthorized server access via malware, potentially compromising login credentials and personal information including Social Security and credit card numbers. The institution responded by resetting passwords, notifying affected individuals and research sponsors, decommissioning compromised servers, and implementing enhanced security measures, though no direct evidence of data exfiltration was found.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On March 9, 2015, information technology staff at the University of Connecticut’s School of Engineering discovered malicious software on multiple servers within the school’s technical infrastructure. This malware potentially compromised data stored on these systems, including sensitive research information and individual communications. Forensic analysis later revealed that the initial unauthorized access to a School of Engineering server occurred on September 24, 2013, with additional penetrations occurring after that date. The University’s Information Security Office immediately initiated a joint investigation with School of Engineering IT staff upon detection. As a precautionary measure, the School of Engineering promptly notified faculty, staff, students, visitors, and emeriti about potential credential compromise, specifically alerting approximately 1,800 users of the Lync instant communication tool university-wide. These individuals were advised to reset their passwords immediately. The University subsequently engaged cybersecurity firm Dell SecureWorks to conduct a comprehensive incident response, which included analyzing the attack methodology and searching for any residual threats not identified during the initial containment efforts.

Cyber Incident Image

The investigation determined there was no direct evidence that attackers exfiltrated data from the compromised servers. Despite this finding, UConn notified approximately 200 government and private sector research sponsors who had contracts with School of Engineering faculty about the breach as a precautionary measure. The University also identified potential exposure of personally identifiable information, including Social Security numbers and credit card details, though specific quantities of affected individuals weren’t disclosed. Those determined to have potentially compromised sensitive data were offered complimentary enrollment in identity protection services for one year. Remediation actions included patching the vulnerability used as the initial access point, resetting all School of Engineering Active Directory passwords, decommissioning and rebuilding all servers showing evidence of compromise, implementing more granular firewall separations, and enhancing system monitoring for unauthorized access. UConn concurrently launched a comprehensive review of institutional IT security practices to address evolving cyber threats against large organizations.

Sources
Sources available to members
1 source