Security News

The University System of Georgia is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. The Clop ransomware gang leveraged a zero-day vulnerability in Progress Software MOVEit Secure File Transfer solution in late May 2023 to conduct a massive worldwide data theft campaign.

Stanford University says the cybersecurity incident it dealt with last year was indeed ransomware, which it failed to spot for more than four months. Keen readers of El Reg may remember the story breaking toward the end of October 2023 after Akira posted Stanford to its shame site, with the university subsequently issuing a statement simply explaining that it was investigating an incident, avoiding the dreaded R word.

Kansas State University announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite. Kansas State University is a public land-grant research university offering 65 masters and 45 doctoral programs.

The Memorial University of Newfoundland continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes in one campus. MUN is the largest public university in Atlantic Canada, with an academic and administrative staff of 3,800, and over 19,000 students from 100 countries.

The University of Michigan says in a statement today that hackers breaching its network in August accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. Unauthorized access to the servers lasted between August 23-27, the university says, and the data exposed included personal, financial, and medical details.

On Tuesday, the University of Michigan warned staff and students that they must reset their account passwords after a recent cyberattack."The University of Michigan is requiring all community members to change their UMICH password by the end of day on Tuesday, September 12," UMICH CISO Sol Bermann and CIO Ravi Pendse said in emails to university staff and students.

The University of Sydney announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. In the data breach announcement, the university says that incident had a limited impact and the preliminary investigation found no evidence that local students, staff, or alumni have been impacted.