← All newsletters

College/University Cyber Alert Special Bulletin — Security Alert July 2026
Feature · Account-Takeover Alert

When the Coach Is the Hacker

A former college football assistant coach is charged with breaching athletes' accounts at more than 100 schools — a wake-up call for every campus. The trial is still pending.

In March 2025, federal prosecutors unsealed a 24-count indictment against a former major-university assistant football coach — a longtime college and professional-league assistant — charging 14 counts of unauthorized computer access and 10 of aggravated identity theft.

The alleged intrusions didn't stop at his own locker room. From 2015 through January 2023, the Justice Department says, he reached into athlete databases held by a third-party athletics-software vendor used by more than 100 colleges and universities.

Prosecutors say he downloaded the personal and medical records of more than 150,000 student-athletes, then used stolen and cracked credentials to break into roughly 3,300 individual accounts — over 2,000 athletes plus 1,300-plus students and alumni — hunting private photos and messages, primarily of women. More than 50 women have since filed suit over the breach. The cases are still pending adjudication.

The lesson for leadership is uncomfortable: no foreign state or elite malware was needed — just one trusted insider, weak credential hygiene, and a soft third-party vendor. Every campus already has all three.

100+colleges & universities exposed
150,000+student-athlete records taken
~3,300personal accounts breached
24federal criminal counts

Athletics Is Only the Opening Play

Stolen selfies make headlines. The data adversaries and ransomware crews really want lives inside your research institutes, medical centers, and administrative systems: genomic and clinical records, grant-funded science, and the Social Security number of everyone on campus.

In 2025 alone, education absorbed 251 ransomware attacks and nearly 4 million breached records. These are not selfies — they are lives, careers, and decades of research.

1.4M patients

Texas Tech Univ. Health Sciences Center — SSNs, medical & financial data (2024)

870K people

Columbia University systems breached (2025)

3.49M individuals

University of Phoenix records compromised (2025)

And it scales: one supply-chain attack on the MOVEit file-transfer tool reached roughly 900 U.S. institutions through the National Student Clearinghouse.

Your Phone Is the Front Door

+224%rise in phishing aimed at universities (2024)
83%of phishing attacks now target mobile devices
6–10×more likely to fall for a text-message scam

The Shield: Zimperium Mobile Threat Defense

On-device AI detects zero-day threats with no cloud lookups — and keeps working offline.

Absolute on-device privacy: sensitive personal data never leaves the phone.

Stops phishing, malicious apps, and network and device attacks — all four threat vectors.

Recognized as a Leader in the Forrester Wave for mobile threat defense.

All information provided herein is non-confidential and is in the public domain and readily available to any interested party.