Excerpt from SpiceWorks Article, Published on Mar 14, 2024

Stanford University has revealed a significant data breach affecting 27,000 individuals following a ransomware attack on its Department of Public Safety (SUDPS) network. The breach, detected in September 2023 but with attackers gaining access since May of that year, underscores the escalating threat of cyberattacks targeting educational institutions. Details of the breach were disclosed to Maine’s Attorney General, shedding light on the severity of the incident. The compromised data encompasses a wide array of personally identifiable information, including social security numbers, dates of birth, passport numbers, government IDs, driving license details, medical records, credit card information, login credentials, digital signatures, security questions, and other sensitive data linked to the Department of Public Safety.

Attributed to the Akira ransomware group, responsible for infiltrating numerous organizations across various sectors, the attack resulted in the theft of over 400 GB of sensitive information. The group has brazenly made the stolen data available on a dark website frequented by threat actors, posing further risks to the affected individuals. This breach marks another cybersecurity setback for Stanford University, which has faced previous incidents of data compromise. In 2021, the Stanford School of Medicine fell victim to Clop ransomware targeting the Accellion File Transfer Appliance platform. Subsequently, in 2023, the university’s Department of Economics experienced another breach, exposing the information of Ph.D. program applicants.

Commenting on the broader implications of the incident, Matt Sparrow, a senior intelligence operations analyst at Centripetal, emphasized the vulnerability of higher education institutions to cyber threats. Sparrow highlighted the challenges universities face in fortifying their defenses amidst the constant influx of students and faculty, underscoring the necessity for robust cybersecurity measures and proactive engagement in threat mitigation strategies.

The breach serves as a stark reminder of the urgent need for educational institutions to prioritize cybersecurity and collaborate with industry experts to safeguard sensitive data against evolving cyber threats.

 

To delve deeper into this topic, please read the full article on SpiceWorks.