A threat actor operating under the alias “iCap0ne” has posted a data breach offer targeting Mansoura National University in Egypt on a popular dark web forum. The post claims to contain sensitive data from 11,783 individuals, including 310 employees and 11,473 students, extracted from CSV exports totaling 121MB.
The data, allegedly leaked on June 5, 2025, is being sold in two pricing tiers:
- Standard Access: $300
- Exclusive Rights: $900 (single buyer with full removal of the listing)
According to the threat actor, the CSV files include sensitive information below:
- Employee Data: Full names, job titles, department details, emails, national IDs, date of birth, hire dates, employment status, and more.
- Student Data: Names, email addresses, phone numbers, home addresses, birth dates, gender, nationality, and faculty information.
- Attendance Logs: Security and cleaning personnel activities, daily entries, and user activity logs.
- Course Data: Video watch logs, course duration, and timestamps, which could be exploited for profiling or behavioral analysis.
The threat actor noted that the dump is multi-file and relational, suitable for conversion into a structured database for academic profiling, targeted job recruitment, or even surveillance by malicious entities. Both staff and student tables are included, increasing the value and potential impact of the leak.
This breach highlights the growing trend of cyberattacks targeting higher education institutions across Africa. Academic environments hold troves of personal, educational, and operational data that are increasingly being exploited for monetary and intelligence gains.
Such incidents raise serious concerns around:
- Identity theft risks
- Academic profiling by competitors or authoritarian regimes
- Surveillance opportunities enabled by course and log data
- Social engineering targeting students and staff