Stratford University discloses ransomware attack — but which ransomware attack?
In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker. Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the multiple claimed attacks.
DataBreaches’ report on Stratford University was published on September 8. At some later date, the school announced it was closing at the end of that term. The closure was reportedly not related to cyberattacks but to accreditation issues and finances that had arisen in August.
Stratford University has filed a breach notification with the Maine Attorney General’s Office. The report indicates that the breach occurred on August 26, 2022.
The appended notification letter, submitted to Maine appears to be reporting a single ransomware attack. There is no mention of attacks by multiple groups or data leaks by various bad actors. So which attack were they reporting?
REvil’s attack had been disclosed by REvil back in April of 2022. Snatch Team added their attack to their own leak site on August 17, presumably before the attack Stratford reported as occurring August 26. On January 15, 2023, Snatch Team dumped more than 50 GB of files from the school on their leak site. And Avos Locker started leaking the school’s data on September 7. So was it the Avos attack the university reported last week? And if so, were the other attacks ever disclosed to students or employees or to regulators?
The personal information obtained in the August attack reportedly included first and last name, phone number, address, email address, date of birth, student identification number, passport number, and Social Security number.
Stratford reported that a total of 78,692 individuals were affected. Presumably that is for the one incident they reported.
Although the university is now closed, a breach notice is linked from their home page.
DataBreaches sent an email inquiry to the university’s external counsel to inquire about the report to Maine and whether all three attacks were ever disclosed. No reply was immediately received. This post will be updated when a reply is received.