Stanford University is in the process of notifying 27,000 individuals that their personal information may have been compromised following a ransomware attack on its Department of Public Safety (DPS). The breach was discovered on September 27, 2023, with hackers having accessed the DPS network since May 12. The university has since secured the network and evicted the attackers.
The Akira ransomware group claimed responsibility for the attack, alleging to have stolen over 400 gigabytes of data. However, Stanford asserts that no other systems beyond the DPS network were accessed. The compromised data includes a range of personal information, such as names, Social Security numbers, and potentially even biometric and medical data for a small number of individuals.
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, emphasizes the importance of patching software and devices to prevent such attacks. "Akira ransomware often targets unpatched software and devices," Grimes stated. He advises organizations to prioritize patching vulnerabilities listed in CISA's Known Exploited Vulnerability Catalog to mitigate the risk of attacks.
Matt Sparrow, Senior Intelligence Operations Analyst at Centripetal, highlights the vulnerability of higher education institutions to cyberattacks. "Institutions of higher education are prime targets for cyberattacks," Sparrow noted. He stresses the need for universities to engage in cybersecurity dialogues, forge partnerships, and deploy intelligence-powered cybersecurity solutions to proactively shield against known and emerging threats.
Stanford's investigation into the breach is ongoing, and the university is offering identity theft protection services, including credit monitoring, to the impacted individuals at no cost. This incident follows previous cybersecurity issues at Stanford, including a data breach in February 2023 and an attack involving Accellion's File Transfer Appliance in March 2021.