DePauw University has issued a warning to students about a recent data breach following a ransomware attack on the institution. Current and prospective students were notified of the incident through letters on November 27, offering one year of free identity protection services. The attack was detected on October 31, with the university collaborating with federal law enforcement and cybersecurity experts for investigation.
The preliminary findings suggest a limited amount of data on specific individuals was accessed. While the university did not specify the compromised information, the Black Suit ransomware gang claimed responsibility, asserting the theft of 214 GB of data. The liberal arts school, based in Greencastle, Indiana, serves around 1,700 students and is reviewing and enhancing security protocols in response to the incident. The attack disrupted campus internet services on November 1, affecting students’ access to printers, email, and the university network. This breach adds DePauw University to the growing list of educational institutions targeted by ransomware in 2023.
According to Emsisoft ransomware expert Brett Callow, 76 post-secondary schools have experienced such attacks this year, surpassing the 44 incidents recorded in 2022. Threat intelligence analyst Allan Liska attributes the rise to an increased number of ransomware groups, coupled with schools being perceived as easier targets. The situation highlights the concerning trend of educational institutions facing heightened cybersecurity threats, with some ransomware groups specializing in targeting schools explicitly.
Rhysida and LostTrust are mentioned as groups known for focusing on educational entities. Liska observes a significant surge in attacks on various educational levels globally, from K-12 to colleges and universities. The overall number of ransomware attacks on schools in 2023 has reached 246, up from 189 in the previous year. The alarming frequency underscores the urgent need for improved cybersecurity measures and heightened vigilance within the academic sector to protect sensitive student information.