Cyber Incident Victim: Abertay University

On February 15, 2023, the AvosLocker ransomware group publicly listed California Northstate University as a victim on their data leak site, claiming to possess extensive student and employee data. The threat actors asserted they had exfiltrated student admissions records containing names, Social Security Numbers, dates of birth, addresses, email addresses, and telephone numbers, along with all employee W-2 tax forms for 2022. As proof of their claims, AvosLocker published a sample of sensitive documents, including the 2022 W-2 statements of the university’s President and CEO, the Vice-President and CFO, and a job applicant’s personal information. They also released a file containing 393 employee W-2 forms from 2022, which exposed employee names, addresses, Social Security numbers, wage details, and federal and state tax withholding amounts. Notably, the group did not publish any student-related data at that time, leaving uncertainty about whether they would subsequently release or sell this information.

The compromised W-2 data created immediate risks of tax refund fraud and identity theft for affected employees, while the unverified student data breach threatened long-term financial and reputational harm to individuals. Despite the public exposure of sensitive documents, California Northstate University had not issued any public statement or posted a breach notification on its official website as of the incident’s disclosure date. DataBreaches.net attempted to contact university administrators, including the CEO and CFO, but could not locate their email addresses and instead reached out to other administrators and a student newsletter representative. No institutional response or mitigation steps were confirmed in the available reporting. The absence of confirmed containment actions or detection details left the full scope of the attack—including the total volume of exfiltrated data and the attackers’ initial access methods—undisclosed.