University of Kashmir

The University of Kashmir, headquartered in India, experienced a significant data breach on August 10, 2022. This incident resulted in the compromise of personal information belonging to over one million students and employees. The exposed dataset contained sensitive academic and employment records. Following the breach, the stolen data was advertised for sale by an actor using the alias "ViktorLustig." The database was listed on both dark web and clear net hacking forums at a price of $250. This low monetization point reflects a high volume of exposed institutional data. The actor's simultaneous listing across multiple platforms amplified the accessibility and potential misuse risks for the affected individuals. The public nature of the forum listing indicated a severe failure in protecting confidential information.

The subsequent sale of the University of Kashmir's database on publicly accessible forums demonstrates a direct and severe threat to the privacy of its large community. The involvement of a named threat actor, "ViktorLustig," suggests a targeted effort to monetize the institution's aggregated personal data. The choice to list the data on both dark and clear web channels was a deliberate strategy to maximize its reach and potential buyer pool, despite any later attempts at content removal. This event underscores a critical vulnerability in the university's data security posture, leading to the widespread exposure of sensitive records for a nominal financial sum. The breach impacted a vast number of individuals, representing a major incident of educational sector data compromise in the region. The public commodification of such a large dataset highlights the persistent risk faced by higher education institutions holding substantial personal information.