Virginia Commonwealth University School of the Arts Qatar (VCUQ) recently disclosed a data breach that occurred in July 2024, potentially affecting an undisclosed number of individuals. The breach compromised personal information, including names, dates of birth, email addresses, phone numbers, nationalities, and sensitive data related to services provided to VCUQ, such as payment amounts and itineraries. VCUQ issued a notice to those impacted, indicating that some personal information may have been accessed during the incident, though financial accounts were reportedly not compromised.
The ransomware group Dispossessor claimed responsibility for the attack and posted a video showing the data allegedly stolen. However, VCUQ has not verified these claims or confirmed the extent of the breach. The school has also not disclosed details about how the breach occurred or how many people were affected. The notice advises that individuals remain vigilant for phishing attempts and monitor their financial accounts, although no identity protection or credit monitoring services were offered by VCUQ.
Dispossessor, also known as Radar or R&D, emerged in March 2024 and has been linked to several ransomware attacks, primarily targeting healthcare companies. In addition to the VCUQ breach, Dispossessor claimed responsibility for attacks on Long Island Plastic Surgical Group, Aire Dental Arts, and Delhi Hospital. The group is known for its collaboration with other ransomware groups, including ALPHV/BlackCat, in some attacks where ransom payments were negotiated or made.
VCUQ, located in Ar-Rayyan, Qatar, is part of Virginia Commonwealth University’s School of the Arts. The university was the first American college established in Qatar’s Education City in 1998 and currently enrolls around 300 students each semester. The school has not commented on whether a ransom was paid or provided additional details on how the breach will be handled moving forward.
Reference:
