A number of prominent U.S. colleges have become the newest, unlucky recipients of a cybersecurity migraine currently affecting dozens of organizations all over the world.
You may have heard something about Accellion—the global cloud provider whose secure-file transfer product (called FTA) was beset by a hacking campaign back in December. If you haven’t heard about it, you can read a recent run-down of the whole trainwreck here. All you really need to know, though, is that a lot of organizations previously used Accellion’s FTA product to store and share data, it had big security flaws, and a pitiless hacker gang decided to exploit those flaws to steal data from dozens of organizations, including—apparently—schools.
Yes, about half a dozen universities recently announced that they had been swept up in the hack. Now, those schools also appear to have had some of their data leaked online by the hackers—in an apparent bid to get them to pay the criminals’ ransom.
As of Thursday, at least six different universities have allegedly had their data leaked to the dark web—the likes of which includes quite sensitive information. The victims are: Stanford University, the University of Maryland Baltimore, the University of Miami, the University of California Merced, the University of Colorado Boulder, and the Yeshiva University, a prominent private research university based in New York City.
On the hacker’s leak site, Gizmodo can confirm that data allegedly stolen from a number of the schools has been posted and is publicly visible. In some cases, it includes what appears to be student or employee names, social security numbers, phone numbers and addresses, and even a transcript, in one case.
UC Davis has been affected by the attacks, too. In a statement released to its community Wednesday, the California school admitted that Davis had suffered “a cybersecurity attack” and that data had been stolen, though it did not reveal that data had yet been leaked to the web. The school does not currently have a “page” on the hacker’s leak site, either.
Universities (and schools, in general) have had a pretty tough time with hackers since the beginning of the pandemic. Schools are natural targets for attacks, because they are giant warehouses of information (personal, academic, and financial), all of which can be stolen. Covid only made schools bigger targets, due to a number of different factors. In summary, pray for the poor college student who, on top of the sheer hell of having to learn via Zoom these days, must now worry about whether some dark web cretin is currently plotting to steal their identity. School should be a lot more fun than this.