Greenwich University was hacked in June, 2016, by an ex-student who held a grudge for being kicked off their course.
In retaliation, the ex-student breached a critical server and stole 19,500 people’s data (3.500 included sensitive information), which were uploaded to the dark web.
What was the motive behind the attack?
The ex-student believed that by showcasing their hacking “elite” skills then the university would be willing to accept them back.
“So due to my elite skills and e-fame, you guys decided to kick me out of University because you couldn’t handle the beast.”
“In response to this, I’ve used the skills I’ve obtained to show you how good I actually am. Please let me come back,”
Whereas their motives for the breach may have been good, the releasing of these details to the dark web was malicious and the university were forced to report the attack to the ICO and resulted in them receiving a £120,000 fine.
With GDPR now in place, the penalty for such a breach would be much more severe (€20 million or 4% of annual turnover).