The East Valley Institute of Technology (EVIT) in Arizona has disclosed a major data breach affecting over 200,000 individuals. The incident, which took place on January 9, 2024, involved unauthorized access to sensitive personal and health information of current and former students, staff, faculty, and parents. Compromised data includes names, Social Security numbers, addresses, medical records, financial aid information, and biometric data. This extensive breach has raised significant concerns about the security of personal information within educational institutions.
Following the breach, EVIT promptly took action to contain the damage. The institute engaged a third-party firm to conduct a comprehensive review of the affected files and has notified the individuals potentially impacted by the cyber-incident. Despite thorough investigations, there has been no evidence to suggest that the stolen data has been publicly disclosed. EVIT has also reported the incident to relevant authorities and consumer reporting agencies, taking steps to mitigate the potential impact on affected individuals.
The LockBit ransomware group, known for targeting organizations with ransomware attacks, has claimed responsibility for the EVIT breach. The group had initially threatened to release the stolen data unless a ransom was paid, but it remains unclear whether any files were actually published. In response to the attack, EVIT implemented several security measures, including changing passwords, deploying endpoint detection and response (EDR) software, and performing domain cleanup to prevent further compromises.
To assist those affected by the breach, EVIT is offering one year of free identity protection and ID theft recovery services. The institute has also undertaken significant measures to enhance its cybersecurity posture, including securing its systems and improving overall data protection practices. This incident highlights the growing threat of cyberattacks on educational institutions and underscores the need for robust security protocols to protect sensitive information.
Reference:
