March 12, 2024 at 03:52PM
Stanford University reported a ransomware attack on its Department of Public Safety (SUDPS) network, compromising personal information of 27,000 individuals. The breach occurred between May 12 and September 27, 2023. Stolen data included sensitive details like Social Security numbers and health/medical information. The Akira ransomware gang claimed responsibility and leaked the data on the dark web.
Based on the meeting notes, here are the key takeaways:
1. Stanford University experienced a ransomware attack on its Department of Public Safety (SUDPS) network, resulting in the theft of personal information of 27,000 individuals.
2. The attackers gained unauthorized access to the SUDPS network between May 12, 2023, and September 27, 2023.
3. Personally identifiable information (PII) potentially exposed includes date of birth, Social Security number, government ID, passport number, driver’s license number, health/medical information, email addresses and passwords, usernames and passwords, security questions and answers, digital signatures, and credit card information with security codes.
4. The Akira ransomware group has claimed responsibility for the attack and published the stolen data on their dark web leak site for download via BitTorrent.
5. The Akira ransomware group has a history of targeting victims across various industry verticals and has been known to demand ransom payments ranging from $200,000 to millions of dollars.
6. This incident is not the first data breach experienced by Stanford University, as they had also disclosed breaches in February 2023 and April 2021.
These takeaways provide a clear summary of the ransomware attack and data breach experienced by Stanford University and the potential impact on individuals and the institution’s cybersecurity.