On Thursday, Stanford University announced that it’s looking into the alleged theft of personal data from those in the School of Medicine community.
Hackers reportedly gained access to information in a 20-year-old file transfer system used by the school. The cybercriminals stole data including Social Security numbers, addresses, emails, family members and financial information.
“Stanford University School of Medicine has learned that cybercriminals have claimed they have stolen some School of Medicine data,” the university said. “We are investigating this incident and we have reported the incident to law enforcement.”
At this time, school officials aren’t sure how many people were affected by the breach. The incident has been reported to law enforcement.
“We are working to determine whether individuals’ personal data has been affected, and we will notify any affected individual,” the university said. “We take data protection very seriously, and as a best practice, we recommend that all individuals remain vigilant and promptly report any suspicious activity or suspected identity theft to the Stanford School of Medicine.”
Part of a larger attack
Stanford said the hack was part of a larger national cyberattack on universities and organizations that use a widely used file transfer service called Accellion.
Other victims of the attack include the University of Colorado, Washington State’s auditor, Australia’s financial regulator, the Reserve Bank of New Zealand and U.S. law firm Jones Day. Some institutions received ransom demands from the hackers. The bad actors threatened to leak more information unless they received money.
“This is a 20 year old legacy system. And these are notoriously insecure,” said Jack Cable of the Stanford Daily. “This is something that’s endemic across probably all universities and large companies, in that they’re dependent on software that is really old and is likely pretty vulnerable. That’s why we’re seeing so many breaches.”