Security News > 2024 > March > Stanford University failed to detect ransomware intruders for 4 months

Stanford University says the cybersecurity incident it dealt with last year was indeed ransomware, which it failed to spot for more than four months.

Keen readers of El Reg may remember the story breaking toward the end of October 2023 after Akira posted Stanford to its shame site, with the university subsequently issuing a statement simply explaining that it was investigating an incident, avoiding the dreaded R word.

Akira targeted the university's Department of Public Safety and this week's filing with the Office of the Maine Attorney General indicates that Stanford became aware of the incident on September 27, more than four months after the initial breach took place.

We asked Stanford University for comment on the matter but it didn't immediately respond.

Akira's post dedicated to Stanford on its leak site claims it stole 430 GB worth of data, including personal information and confidential documents.

It's all available to download via a torrent file and the fact it remains available for download suggests the research university didn't pay whatever ransom the attackers demanded.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/13/stanford_university_ransomware/