Stanford University’s Systems Went Unnoticed for Over Four Months with Akira Ransomware Virus

Stanford University Announces Cybersecurity Breach Lasting Over Four Months

Stanford University, USA, has exposed a cybersecurity incident originating from last year. The esteemed University’s systems were subjected to a sustained assault from the Akira ransomware virus, which functioned unnoticed for over four months.

Cyber Attack Impact

Stanford University was publicly shamed on hacker group Akira’s ‘Wall of Shame’ in late October 2023. The University then published a comment acknowledging the breach, neglecting to mention the ransomware virus. As of today, the repercussions are clear, with 27,000 individuals’ private data affected. Those individuals have been informed via official notifications.

Data Breach Details

The intrusion occurred on May 12, 2023, with the University’s Public Safety Department being the primary target. However, Stanford University first became aware of the intrusion on September 27, per documents filed in the Maine Attorney General’s office. The University has yet to clarify why it took so long to detect and whether the intruder retained access to the system.

Affected Information

The University has not detailed the compromised data, but the documents refer to three types of data involved, including names and social security numbers. Victims are offered 24 months of free credit monitoring, a $1 million insurance policy, and identity theft restoration services.

Hackers’ Claims

The Akira group alleges to have stolen 430 GB of data, including personal information and classified documents. The data is accessible via a torrent file for anyone interested, suggesting the University declined to pay the ransom. Since commencing operations in March 2023, Akira has demanded various ransom amounts, from six-figure sums to millions of dollars. The group has claimed responsibility for significant attacks on other establishments, including the Toronto Zoo, Nissan’s Australian branch, Mercer University, and Lush – a bath bomb manufacturer. Cybersecurity experts recommend close surveillance of the Akira and 8Base groups in 2024.

Related Posts