Stanford University has started notifying 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS).
The incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The hackers were evicted from the environment and the network was secured shortly after the attack was discovered, the university says.
Roughly one month later, the Akira ransomware group claimed responsibility for the attack, claiming to have stolen over 400 gigabytes of data from the university. According to Stanford, the attackers accessed no other systems beyond the DPS network.
“The nature and scope of the incident required time to analyze, and it was ultimately determined that your information may have been impacted,” Stanford notes in the notification letter to the impacted individuals, a copy of which was submitted with the Maine Attorney General’s Office.
The stolen personal information, Stanford says, varies by individual, but may include names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, government ID numbers, and other information.
“For a small number of individuals, this information may also have included biometric data, health/medical information, email address with password, username with password, security questions and answers, digital signature, and credit card information with security codes,” Stanford said in an incident notice.
The university also said it has no evidence that the compromised information has been misused.
The investigation into the data breach continues, but impacted individuals are being notified and offered identity theft protection services, including credit monitoring, at no cost.
In February 2023, Stanford notified roughly 900 individuals that their personal information was compromised because a folder containing applications files for its Ph.D. program was left unprotected on its Department of Economics website.
In March 2021, the FIN11 hacking group posted on its Tor-based leak site files allegedly stolen from Stanford and other educational institutions during a cyberattack involving Accellion’s File Transfer Appliance (FTA) file sharing service.
Previously, Stanford was the victim of at least two cyberattacks, including one in which its website hosted phishing pages for months.
Related: EquiLend Ransomware Attack Leads to Data Breach
Related: Fidelity Investments Life Insurance Company Notifying 28,000 People of Data Breach
