14 DAY TRIAL // Information about employees from several universities in the United States has been released online by a group of hackers operating under the name Team Carbonic.
The list of educational institutions includes California State University, Fordham University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, Cornell University, and Abertay University.
Multiple entities have been hit
The list, however, is larger than this, and also includes other entities, that are not part of the education sector or based in the US.
Fans of the Football Manager game have also been affected, as data from their profiles is on the list of the dumps, too. However, checking a few of the email addresses shows that they are present in at least one older leak published in 2014.
Biomax, a Colombian company involved in distributing petroleum-based products, has been targeted by the hackers, too; the dump contains email addresses and phone numbers, among other details.
It appears that the hacking deeds were carried out by a member of Team Carbonic, who goes by the online moniker MarxistAttorney.
In a statement posted on Sunday on Pastebin, the hacker said that they hacked the network systems just for the fun of it. Also, they claimed that they were in possession of thousands of log-in credentials, employee IDs, and other sensitive data belonging to the universities.
Hackers are confident they won't get caught
The intention of the hackers is to make everything public in order to show that the IT division that was supposed to protect the information is not sufficiently prepared for hacker intrusions and that the details in the databases are at risk.
At the moment, the data is available at least in two locations online, both controlled by the hackers.
It is unclear if the educational institutions listed by the hackers are currently aware that unauthorized individuals may have breached the security of their servers and sensitive details have been exposed to the public.
On both websites that provide access to the data dumps, the hackers have posted a message mocking any attempt to report them to law enforcement.
“LEGAL NOTE: We reserve the right to ‘lul’ at any and all attempts of ‘reporting us to the internet police,’” Team Carbonic wrote.
[UPDATE, January 11]: A statement has been released by Fordham University in relation to the incident. Senior director of communication, Bob Howe, said that the data dumped by the hacker was pulled from older leaks, from 2010 and 2014.
"Fordham University user information has not been compromised. The claim posted by @MarxistAttorney and Team Carbonic is recycled from 2010 (and again in 2014), and erroneously attributed data, ostensibly stolen from http://www.kaplanfinancial.com, to Fordham University. The actual content did not contain Fordham usernames nor passwords in 2010/2014, and still does not. Fordham values and vigorously defends the protection of its community's Personally Identifiable Information (PII). The University will continue to monitor events surrounding this alleged breach," Howe said.