August 12, 2024 at 09:18AM
Over 200,000 individuals were impacted by a data breach at the East Valley Institute of Technology (EVIT) in January 2024. The compromised data includes personal and health information such as names, addresses, Social Security numbers, medical records, and biometric data. EVIT has taken steps to secure its systems and is providing identity protection services to those affected.
After reviewing the meeting notes, it is clear that there has been a data breach at the East Valley Institute of Technology (EVIT) affecting over 200,000 individuals. The breach, which occurred on January 9, resulted in unauthorized access to sensitive information including personal, health, and financial data of current and former students, staff, faculty, parents, and potentially other individuals associated with EVIT.
The compromised information includes a wide range of data such as names, addresses, Social Security numbers, medical information, financial aid details, biometric data, login information, and more. EVIT has notified potentially impacted individuals and engaged a third party to review the affected files. However, the specific impact on each individual varies, and EVIT has stated that it found no evidence of the compromised data being published online.
The attack was attributed to the LockBit ransomware group, who threatened to leak data unless a ransom was paid. While it is unclear if the cybercriminals made any files public, the Tor-based website associated with the group has since been taken down following a law enforcement operation.
In response to the attack, EVIT has taken several measures including changing passwords, revoking permissions, deploying EDR software, replacing virtual servers, locking down VPN access, and performing domain cleanup. Additionally, the institute is providing affected individuals with one year of free identity protection and ID theft recovery services as a result of the breach.
This is a serious and significant breach, and EVIT is taking steps to mitigate the impact on the affected individuals while also strengthening their cybersecurity defenses to prevent future incidents.