Stanford University and the University of California, Davis (UC Davis) announced they were victimized by the Accellion data breach, joining a growing list of schools. Reports indicate the CLOP ransomware group contacted the universities and demanded $10 million in bitcoin, threatening to publish the stolen data if it was not paid.
In a press release, UC Davis said that “at this time, we believe this attack affected only the Accellion system and did not compromise other UC systems or networks.” The school is conducting an investigation that involves reviewing the files it believes may have been copied and transferred as part of the attack. “Upon completion of our review, we should be able to better assess the data and individuals impacted,” the school said. “Once we can identify affected individuals, we will notify them and provide information regarding additional next steps.”
UC Davis also said it believes the people behind the attack are sending threatening mass emails to members of the UC community in an attempt to get them to pay a ransom. However, “by their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email,” UC Davis said.
The Stanford Daily – Stanford University’s student-run newspaper – reported that the ransomware group has leaked stolen data belonging to members of the Stanford community, including Social Security numbers, addresses, emails, family member identities, and financial information. The data was stolen from Stanford Medicine.
“We are working to determine whether individuals’ personal data has been affected, and we will notify any affected individuals,” School of Medicine spokesperson Julie Grecius said.
Stanford Medicine Chief Financial Officer Randy Livingston and Stanford Medicine Dean Lloyd Minor emailed the entire Stanford community and said the school was analyzing the stolen data and working with a “leading cyber-forensics firm.” It also launched a website dedicated to sharing information about the breach.
Stanford and UC Davis have joined the University of Miami and the University of Colorado in confirming that they were also victims of the Accellion attack. The universities both said the ransomware group began publishing screenshots of files stolen from Accellion servers used by the universities. The stolen files contained university financial documents, student grades, academic records, enrollment information, student biographical information, and patient healthcare data, including medical records, demographic reports, and a spreadsheet with email addresses and phone numbers.