Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Security

Stanford University Failed To Detect Ransomware Intruders For 4 Months (theregister.com) 22

Connor Jones reports via The Register: Stanford University says the cybersecurity incident it dealt with last year was indeed ransomware, which it failed to spot for more than four months. Keen readers of El Reg may remember the story breaking toward the end of October 2023 after Akira posted Stanford to its shame site, with the university subsequently issuing a statement simply explaining that it was investigating an incident, avoiding the dreaded R word. Well, surprise, surprise, ransomware was involved, according to a data breach notice sent out to the 27,000 people affected by the attack.

Akira targeted the university's Department of Public Safety (DPS) and this week's filing with the Office of the Maine Attorney General indicates that Stanford became aware of the incident on September 27, more than four months after the initial breach took place. According to Monday's filing, the data breach occurred on May 12 2023 but was only discovered on September 27 of last year, raising questions about whether the attacker(s) was inside the network the entire time and why it took so long to spot the intrusion.

It's not fully clear what information was compromised, but the draft letters include placeholders for three different variables. However, the filing with Maine's AG suggests names and social security numbers are among the data types to have been stolen. All affected individuals have been offered 24 months of free credit monitoring, including access to a $1 million insurance reimbursement policy and ID theft recovery services. Akira's post dedicated to Stanford on its leak site claims it stole 430 GB worth of data, including personal information and confidential documents. It's all available to download via a torrent file and the fact it remains available for download suggests the research university didn't pay whatever ransom the attackers demanded.

This discussion has been archived. No new comments can be posted.

Stanford University Failed To Detect Ransomware Intruders For 4 Months

Comments Filter:
  • Find the asshats and make sure they never do it again, in whatever country they are.

    • Find the asshats and make sure they never do it again, in whatever country they are.

      Nonsense.

      If your house is repeatedly burgled, the solution is to put a lock on the door, not build more prisons.

      • The solution to crime isn't to eliminate every opportunity for it, and never has been, because that's inefficient and ultimately impossible. If your home is burgled, then I hope you get victim-blamed too.

  • OS and app software are super buggy. The tools that we have to find these things are reactionary and suck at finding novel software issues, they'll be sure to make it find something they know about ahead of time. You can blame IT but they are not clairvoyant.

    Stop clicking on scams people!

    • searched google lately? The results are a scam unless you toggle to tools then verbatim. They don't even have the decency to tell you upfront.
  • ...that would both not be stories if crypto were just !@#$$ing illegal.

  • Does anyone know why the Maine Attorney General is involved? Palo Alto is pretty fair from Maine and I didn't see any explanation in the article. Does Maine have better disclosure laws than other states? There is a filing which includes:

    Total number of persons affected (including residents): 27000
    Total number of Maine residents affected: 3
    If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
    Date(s) Breach Occured: 05/12/2023
    Date Breach Discovered: 09/27/2023

    s

  • Don't perps who hold someone/something for ransome leave a ransom note or otherwise communicate with those they are demanding from? As written, this is very strange.
  • Silly people using the wrong tool for the job. SHUM.

No spitting on the Bus! Thank you, The Mgt.

Working...