University of Maryland, College Park

The University of Maryland, College Park is a large public university in the United States, providing higher education and research services to a diverse community of students, faculty, staff, and alumni. It offers a wide array of academic programs across undergraduate, graduate, and professional levels, supported by extensive research initiatives. The scale of its operations is evident from the volume of sensitive personal information it handles, with documented data breaches affecting hundreds of thousands of individuals over several years. Compromised data has included names, Social Security numbers, dates of birth, and university identification numbers, though financial, academic, health, and contact details have sometimes remained secure. This indicates an institution managing extensive records for a broad constituency, consistent with a major research university's responsibilities.

The university's history of cybersecurity incidents reveals a pattern of targeting by various threat actors, from individual hackers to ransomware groups, underscoring its status as a high-value target in the education sector. Notable breaches include two separate attacks in early 2014: the first exposed over 300,000 records, while the second, occurring shortly after, compromised information belonging to a senior official and was unrelated to the initial incident. Both were linked to a hacker using the alias @MarxistAttorney, who publicly dumped stolen data for amusement and to critique institutional security. In response, the university acknowledged the breaches, launched investigations with law enforcement and cybersecurity experts, notified affected individuals, and established a dedicated cybersecurity task force led by a senior administrator. It also offered complimentary credit monitoring services to those impacted, as seen in the 2014 breach response. Further, in 2021, the institution was among universities targeted by a ransomware group, though specific breach details from that event are not provided. These repeated incidents, despite implemented measures, highlight ongoing challenges in safeguarding personal data against evolving cyber threats in higher education.