Ransomware Breach at Stanford University in September Exposed the Personal Information of 27,000 Individuals

by | Mar 13, 2024 | News

Post Views: 279

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 3 Minutes

Stanford University has revealed that the personal data of 27,000 individuals was pilfered in a ransomware attack targeting its Department of Public Safety (SUDPS) network.

The attack was uncovered on September 27, with the university publicly acknowledging the incident a month later while commencing a thorough investigation into the cybersecurity breach impacting SUDPS systems.

In a recent update, Stanford clarified that the attackers managed to breach solely the Department of Public Safety’s network, without accessing other university systems.

“The investigation determined that an unauthorized individual(s) gained access to the Department of Public Safety’s network between May 12, 2023, and Sept. 27, 2023,” the university stated.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses

Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Data breach notifications submitted to Maine’s Attorney General revealed that the attackers exfiltrated documents containing personally identifiable information (PII) of the 27,000 individuals affected.

“The compromised personal information may include varying details such as date of birth, Social Security number, government ID, passport number, driver’s license number, and other data collected by the Department of Public Safety in its operations,” Stanford elaborated.

“For a select few individuals, the stolen information might also encompass biometric data, health/medical records, email addresses with passwords, usernames with passwords, security Q&A, digital signatures, and credit card data with security codes.”

While Stanford hasn’t directly attributed the September incident to a specific ransomware group, the Akira ransomware gang claimed responsibility in October, asserting to have absconded with 430GB of files from the university’s systems.

The cybercriminals have subsequently released the pilfered data on their dark web leak site, enabling access via BitTorrent downloads.

Akira Stanford data leak (BleepingComputer)

The Akira ransomware operation emerged in March 2023 and swiftly garnered notoriety by targeting entities across diverse industry sectors. By June 2023, the group had developed a Linux encryptor to target VMware ESXi virtual machines widely used in enterprise settings.

Negotiation logs reviewed by BleepingComputer indicate that the ransomware gang is demanding ransom payments ranging from $200,000 to several million dollars, based on the breached organization’s size.

This isn’t Stanford’s first encounter with cybersecurity breaches. In February 2023, the university disclosed another data breach after the exposure of admission information for its Department of Economics Ph.D. program. Additionally, in April 2021, the Clop ransomware group leaked documents stolen from Stanford School of Medicine’s Accellion File Transfer Appliance (FTA) platform.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link