Cyber Incident Victim: Stanford University Department of Public Safety
Date: Sep 2023
Location: United States of America
Summary
Stanford University's Department of Public Safety experienced a cybersecurity incident involving a ransomware attack claimed by the Akira gang, which reportedly stole 430 gigabytes of data. The university confirmed the breach was contained to the department’s systems, with no impact on broader campus operations or emergency response capabilities. Affected systems were secured, and an investigation involving internal privacy teams and external specialists remains ongoing to determine the full scope of compromised information. This incident follows prior ransomware activity targeting the institution, though current findings indicate no additional university networks were breached.
Description
Stanford University initiated an investigation into a cybersecurity incident targeting its Department of Public Safety (SUDPS) following a ransomware claim by the Akira gang on October 1, 2023. The attackers asserted they exfiltrated 430 gigabytes of data from SUDPS systems. University officials confirmed the compromise of a specific SUDPS system but stated no evidence indicated lateral movement to other university networks or disruption of emergency police operations. The affected system was isolated and secured shortly after detection. Stanford’s privacy and information security teams, assisted by external cybersecurity specialists, prioritized forensic analysis to determine the scope of accessed or stolen data. Initial public statements emphasized containment of the incident to SUDPS infrastructure, with no operational degradation of law enforcement services.

The Akira ransomware group, active since March 2023 and linked by researchers to remnants of the Conti syndicate, has targeted over 60 entities, including multiple educational institutions. This incident followed Akira’s pattern of attacking U.S. academic organizations, such as the University of Michigan’s August 2023 breach that required network disconnections. Stanford’s investigation remained ongoing as of the last reporting, with commitments to disclose findings post-inquiry. The university had prior experience with ransomware via a 2021 Clop gang intrusion exploiting Accellion FTA vulnerabilities, which compromised Stanford Medicine data including Social Security numbers. No explicit linkage between the 2021 and 2023 incidents was indicated in available disclosures.
