Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Stanford University Data Breach Impacts 27,000 Individuals

Stanford University is notifying 27,000 people of a data breach impacting their personal information.

Stanford University has started notifying 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS).

The incident was discovered on September 27, 2023, but the attackers had access to the Stanford DPS network beginning May 12. The hackers were evicted from the environment and the network was secured shortly after the attack was discovered, the university says.

Roughly one month later, the Akira ransomware group claimed responsibility for the attack, claiming to have stolen over 400 gigabytes of data from the university. According to Stanford, the attackers accessed no other systems beyond the DPS network.

“The nature and scope of the incident required time to analyze, and it was ultimately determined that your information may have been impacted,” Stanford notes in the notification letter to the impacted individuals, a copy of which was submitted with the Maine Attorney General’s Office.

The stolen personal information, Stanford says, varies by individual, but may include names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, government ID numbers, and other information.

“For a small number of individuals, this information may also have included biometric data, health/medical information, email address with password, username with password, security questions and answers, digital signature, and credit card information with security codes,” Stanford said in an incident notice.

The university also said it has no evidence that the compromised information has been misused.

The investigation into the data breach continues, but impacted individuals are being notified and  offered identity theft protection services, including credit monitoring, at no cost.

Advertisement. Scroll to continue reading.

In February 2023, Stanford notified roughly 900 individuals that their personal information was compromised because a folder containing applications files for its Ph.D. program was left unprotected on its Department of Economics website.

In March 2021, the FIN11 hacking group posted on its Tor-based leak site files allegedly stolen from Stanford and other educational institutions during a cyberattack involving Accellion’s File Transfer Appliance (FTA) file sharing service.

Previously, Stanford was the victim of at least two cyberattacks, including one in which its website hosted phishing pages for months.

Related: EquiLend Ransomware Attack Leads to Data Breach

Related: Fidelity Investments Life Insurance Company Notifying 28,000 People of Data Breach

Related: American Express Notifies Customers of Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.