On Thanksgiving Eve, while the rest of Plymouth Rock Institute of Technology (PRIT) was bustling with students heading home and staff shutting down their offices, one employee lingered at their desk, catching up on emails. Among the usual clutter sat a message with the cheerful subject line: “Happy Thanksgiving!”

It looked harmless enough, festive, even. The message promised a dancing turkey video, complete with bright autumn leaves twirling around. Tired and eager to leave, the user clicked. The “turkey” sprang to life, but so did something else. Behind the scenes, the email mutated, replicating itself and forwarding itself to every inbox at PRIT. Within minutes, tens of thousands of accounts were flooded with messages. Faculty, students, and staff clicked, laughed (or cursed), and unwittingly spread the bird even further. The university’s network groaned under the avalanche, then froze: classes, grades, payroll, and every other service that relied on the network ground to a halt.

But the denial of service was only the appetizer. While IT scrambled to understand why their systems were suffocating, hackers used the chaos as cover. They probed firewalls, slipped into servers, and attempted to steal and encrypt sensitive data. Student records, employee payroll files, and medical histories were prime targets for theft and ransomware.

Throughout the holiday, the InfoSec team tirelessly reinforced firewalls, disabled phishing accounts, and safeguarded backup systems. They dedicated extra hours despite fatigue. In their commitment to security, the InfoSec team sacrificed their Thanksgiving dinners, focusing instead on protecting vital systems.

For the unfortunate user who clicked, their weekend was spent in quiet panic. The joy of the holiday was replaced with dread: Would this cost them their job? Could the university recover? Would anyone ever forgive them?

By the time the crisis was ultimately resolved, the Thanksgiving holiday had been disrupted for all parties involved. This included the Information Security team, the faculty and staff who lost access to essential systems, and particularly the employee whose inadvertent action initiated the widely known “Dancing Turkey Incident.” The lesson was as bitter as it was clear: sometimes, the smallest click can carve up a holiday. The “Dancing Turkey Incident” is a powerful reminder: one careless click can shut down our campus and put everyone’s data at risk.

Spot something suspicious in your email? Don’t be a turkey; report it immediately to abuse@chapman.edu.

Let’s make cybersecurity a team effort—every day, especially during the holidays.

Stay safe, stay vigilant!

Keith Barros
Chief Information Security Officer (CISO)
Chapman University