Stanford, CA – Stanford University is reaching out to individuals potentially impacted by a recent data security breach within its Department of Public Safety.
The breach, identified as a ransomware attack on September 27, 2023, prompted immediate action from the university, including notifications to law enforcement agencies and initiating a thorough investigation with a leading forensic investigator.
Standford University said that the investigation revealed unauthorized access to the Department of Public Safety’s network from May 12, 2023, until the breach was discovered.
Swift measures were taken to terminate the unauthorized access and secure the network. It is important to note that the incident was isolated to the Department of Public Safety’s systems and did not affect other Stanford networks or systems. Currently, no evidence suggests that any of the accessed information has been misused.
In February 2023, Stanford University reported another data breach following the exposure of admissions information for the Department of Economics Ph.D. program online from December 2022 to January 2023.
27,000 Users Data Leaked
The comprehensive forensic investigation has now identified individuals whose information may have been compromised. Stanford is notifying these individuals via mail and providing them with details on complimentary identity protection services.
According to data breach alerts sent to Maine’s Attorney General, the attackers stole papers containing the personally identifiable information (PII) of 27,000 people.
The types of personal information potentially affected include, but are not limited to, dates of birth, Social Security numbers, government IDs, passport numbers, driver’s license numbers, and, in some cases, biometric data, health/medical information, email addresses with passwords, usernames with passwords, security questions and answers, digital signatures, and credit card information with security codes.
The Akira Ransomware group is believed to be behind this attack. They have stated that they took 430Gb of files from Standford University’s Internal systems and are asking for nearly a million dollars in ransom.
The Akira ransomware group, which first appeared in March 2023, has been identified as a serious threat to data security. It encrypts data and demands a ransom for decryption, affecting Windows and Linux devices.
Stanford University takes the privacy and security of community members very seriously and is committed to supporting all those affected. The law enforcement investigation into the incident is ongoing, and Stanford is cooperating fully.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.