University officials say an investigation learned of suspicious activity on a computer network where hackers were able to get the personal information of individuals tied to the University of Michigan during a cyberattack back in August, 2023.
The investigation determined an unauthorized third party was able to access personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants.
The information included social security numbers, driver’s licenses or other government-issued identification numbers, financial account or payment card numbers, and health information. The university determined that the hacker gained access between Aug. 23-27.
Education is one of the most targeted sectors for ransomware. One reason educational organizations are at such high risk is because of the valuable information they store. They have social security numbers, banking information, credit card numbers, birthdates, and other personal information. In addition, this information does not just stem from students, but from all employees and parents. Another reason the education sector is targeted is because typically their IT equipment is not always state of the art. The school districts have budgetary constraints that make it difficult to fund IT security investments.
According to a study done by Emsisoft Malware Lab, in 2019, the United States was hit by a myriad of ransomware attacks “that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.” That number is astounding. Of these attacks, 89 were educational sectors which potentially affected 1,233 individual schools. These numbers demonstrate the severity of the issue and reiterate the need for a data backup and recovery plan.
The attack is just the latest in an upward trend or attacks over the last few years.
As reported on by Infosecurity Magazine, nearly half of all ransomware attacks now target small schools and municipalities.
Ransomware attacks on the national education sector have surged by 80% in the past year alone, according to the Institute for Security and Technology.