Stanford University hit by ransomware: 27,000 affected in data breach

Stanford University has fallen victim to a significant data breach, with the personal information of 27,000 individuals compromised following a ransomware attack on its Department of Public Safety (SUDPS) network. The breach, discovered in September 2023, revealed that attackers had infiltrated the network as early as May. Details of the breach have been formally disclosed to Maine’s Attorney General.

The attack, attributed to the Akira ransomware group, resulted in the theft of a vast amount of sensitive data, including social security numbers, dates of birth, passport numbers, government IDs, driver’s license details, medical records, credit card information, login credentials, digital signatures, security questions, and other pertinent information linked to the Department of Public Safety.

The Akira ransomware group, known for targeting organizations across various sectors, has claimed responsibility for the breach, asserting access to over 400 GB of pilfered data. Disturbingly, the group has made the stolen data available on a dark website, posing a serious threat to affected individuals.

This incident is not the first cybersecurity breach to afflict Stanford University. In April 2021, the Stanford School of Medicine’s Accellion File Transfer Appliance platform fell victim to Clop ransomware, while in February 2023, the Department of Economics experienced a breach compromising Ph.D. program admissions information.