Stanford University Cyberattack: Personal Data of 27,000 Compromised in September Ransomware Breach



Stanford University has announced a significant security breach in its Department of Public Safety's (SUDPS) network system, revealing that the personal information of 27,000 individuals was compromised in a ransomware attack. The incident, uncovered on September 27, was not disclosed until a month later, indicating the university was conducting thorough investigations into the cybersecurity episode that specifically impacted the SUDPS systems.

Following detailed investigations, Stanford clarified on a recent Monday that the breach was contained within the Department of Public Safety's network, reassuring that no other university systems were accessed by the attackers. The inquiry into the breach confirmed that unauthorized access was achieved by one or more individuals who infiltrated the network over a significant period, from May 12, 2023, to September 27, 2023.

Documents containing sensitive personally identifiable information (PII) of the affected individuals were unlawfully extracted by the perpetrators, as detailed in breach notifications submitted to the Attorney General of Maine. The compromised information encompasses a range of personal data, varying for each individual but potentially including dates of birth, Social Security numbers, various government-issued IDs, passport numbers, driver’s license numbers, and other pertinent data collected by the SUDPS in its operational duties. A subset of the affected individuals also had more sensitive information stolen, such as biometric data, health and medical information, email and password combinations, usernames with passwords, security questions and answers, digital signatures, and credit card information complete with security codes.

Although Stanford University has yet to officially attribute this cyberattack to any specific group, the Akira ransomware gang took credit in October, claiming to have exfiltrated 430Gb of files from the institution's network. The gang has made this pilfered data publicly accessible on their dark web leak site, offering downloads through BitTorrent.

The emergence of the Akira ransomware operation in March 2023 marked the arrival of a formidable threat in the cybercrime landscape, with the group targeting various sectors rapidly. By mid-2023, the operation had already introduced a Linux encryptor aimed at VMware ESXi virtual machines, a common infrastructure component in enterprise environments. The financial demands from this group for the return of the stolen data have been varied, with reports of ransom requests ranging from $200,000 to several million dollars, reflecting the scale and perceived value of the targeted organizations.

This recent event is not the university's first encounter with data security issues. A separate breach was disclosed by Stanford in February 2023, involving the accidental exposure of admission information for the Department of Economics Ph.D. program between December 2022 and January 2023. Additionally, the university faced another serious data breach in April 2021 when documents were leaked online following a ransomware attack on the Stanford School of Medicine's Accellion File Transfer Appliance (FTA) platform by the Clop ransomware group.

These repeated breaches underscore the ongoing challenges and critical importance of cybersecurity measures in protecting sensitive information within academic institutions. As cybercriminal activities become more sophisticated, universities like Stanford are reminded of the need for constant vigilance, prompt incident response, and the implementation of advanced security protocols to safeguard their networks and the privacy of their communities.
