March 13, 2024 at 08:33AM
Stanford University notified 27,000 individuals of a ransomware attack on its Department of Public Safety. The attack, discovered in September 2023, occurred in May, and the Akira ransomware group claimed responsibility for stealing personal information. Stanford is providing identity theft protection services and has no evidence of misuse of the compromised information.
From the meeting notes, it is clear that Stanford University has experienced several serious data breaches over the past few years. The most recent incident involves a ransomware attack on the Department of Public Safety, which resulted in the theft of personal information from approximately 27,000 individuals. The university has indicated that the stolen data may include a wide range of sensitive information, such as names, dates of birth, Social Security numbers, and even biometric and health/medical information for a small number of individuals.
It’s important to note that this is not the first time Stanford has faced a data breach. In February 2023, approximately 900 individuals were notified of another incident involving compromised personal information, and in March 2021, files allegedly stolen from Stanford were posted on a Tor-based leak site after a cyberattack involving Accellion’s File Transfer Appliance (FTA) file sharing service.
Given the repeated nature of these incidents, it is evident that cybersecurity remains a critical concern for Stanford University. The university has taken steps to address the latest breach, including notifying affected individuals and offering identity theft protection services. However, the ongoing investigation into the data breach suggests that further measures may be necessary to prevent similar incidents in the future. It will be important for the university to continue strengthening its cybersecurity protocols and response mechanisms to safeguard the personal information of its students, faculty, and staff.