Stanford University failed to detect ransomware intruders for 4 months

Stanford University failed to detect ransomware intruders for 4 months

March 13, 2024 at 08:08AM

Stanford University confirmed a ransomware incident, admitting to detecting it four months after the breach. The attack targeting the Department of Public Safety exposed 27,000 individuals’ information. The university notified affected individuals and offered credit monitoring and security enhancement. Perpetrators, Akira, demand, but Stanford refused to pay. Akira has targeted various organizations and was identified as a significant ransomware group for 2024.

From the meeting notes:
– Stanford University experienced a cybersecurity incident involving ransomware, which went undetected for more than four months.
– The incident, targeting the Department of Public Safety, was discovered on September 27, 2023, despite occurring on May 12 of the same year.
– The data breach resulted in the theft of personal information and confidential documents, including names and social security numbers.
– Stanford University is providing affected individuals with 24 months of free credit monitoring and other protective services, emphasizing the seriousness of the situation and urging vigilance.
– The group responsible for the attack, Akira, has a history of ransomware attacks and is known for stealing large amounts of data and demanding varied ransom sums.

These are the key takeaways from the meeting notes.

Full Article