Cyber Incident Victim: Coastal Carolina University
Date:
Feb 2023
Location:
United States of America
Summary
The requested incident summary cannot be provided as the supplied articles exclusively reference California Northstate University, with no information available regarding a cybersecurity incident involving Coastal Carolina University during the specified timeframe. No relevant data exists in the provided sources to construct a factual summary for the named institution.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around February 15, 2023, the AvosLocker ransomware group listed California Northstate University on its data leak site, claiming to possess stolen student and employee data. The threat actors asserted they exfiltrated student admissions records containing names, Social Security numbers, dates of birth, addresses, email addresses, and telephone numbers, along with all college employee W-2 tax forms. As proof, AvosLocker publicly released a sample of the stolen employee data, including the 2022 W-2 statements for the university’s President and CEO, Vice-President and CFO, and a job applicant’s information. They also leaked a file containing 393 employee W-2 forms for 2022, which disclosed sensitive details such as employee names, addresses, Social Security numbers, wage information, and tax withholding amounts. AvosLocker did not release any student-related data at the time of their initial posting and did not specify the full scope of exfiltrated employee records. The group criticized the university’s cybersecurity posture in their leak site message, questioning why the institution purchased cyber insurance with ransomware coverage without adequately protecting student and staff data.
The exposure of W-2 forms created significant risks for affected employees, as this information could facilitate tax refund fraud, identity theft, and financial crimes. AvosLocker’s announcement indicated they might sell or leak additional stolen data, though no further disclosures were confirmed at the time of reporting. California Northstate University had not published any official notice regarding the cyberattack on its website as of February 15. DataBreaches attempted to contact university administrators, including the CEO and CFO, but could not locate their email addresses; inquiries were instead sent to other administrators and a student newsletter representative. No details regarding the university’s internal response, containment efforts, or forensic investigations were publicly available. The incident’s discovery timeline, initial attack vector, and data exfiltration methods remained undisclosed in the available information.