At the end of February, Southeastern University in Louisiana announced an outage that resulted in the school taking its network offline.
Since then, and as DataBreaches first reported on March 4, they have been less than transparent about what happened and the scope of what we know was a ransomware incident involving the BianLian ransomware gang. Has Southeastern ever even admitted that this was a ransomware attack?
Yesterday, WBRZ reported that the university’s lack of transparency has continued and the university has not answered media inquiries about data being leaked on the dark web.
The BianLian site claims to have 150 GB of files from the university, which they appear to have leaked in 103 parts. Their description of the data indicates it includes accounting data, marketing data, financial data, educational data, and business data.
Their listing does not provide any screencaps of files with personal or personnel data, and to figure out what they have leaked, one needs to first download and combine all 103 parts.
If the university continues to stonewall questions about the incident, sooner or later someone will download and analyze the leak. And it won’t be a good look for the university if people find out from the media that their data have been stolen and leaked instead of first hearing that from school. But time will tell.