At a glance.
- Cybercriminals dump highly sensitive school data.
- MOVEit exploitation leads to theft of millions of insurance records.
Cybercriminals dump highly sensitive school data.
Educational institutions have become attractive targets for hackers due to the large volume of personal data they must collect, much of which goes inadequately protected due to a lack of cybersecurity resources. Allan Liska of cybersecurity firm Recorded Future says ransomware has likely impacted over 5 million US students, and according to a survey by the Center for Internet Security, nearly one-third of all American school districts had been breached by the end of 2021. In a recent survey tech-focused nonprofit the Consortium for School Networking found thatonly 16% of districts had full-time network security staff, with nearly half devoting 2% or less of their IT budgets to security, and schools find it hard to attract talent away from corporations with deeper pockets. The New York Post examines the impact of cyberattacks on US schools by taking a closer look at the recent incident at Minneapolis Public Schools, a 36,000-student district in the US state of Minneapolis. After the district refused to pay the demanded $1 million ransom, the hackers published 300,000 stolen files containing intimate student data including medical records, Social Security numbers, and highly sensitive details on abuse cases, psych records, and suicide attempts. Links to the data were shared on social media platforms like Facebook as well as on underground cybercrime forums, and a note naming three students involved in a sexual abuse complaint was even featured on a video on Vimeo. The attack occurred months ago, but the district is still struggling to make good on its promise to contact all of the impacted individuals. Greta Callahan of the Minneapolis Federation of Teachers stated, “Everything they’ve learned about this is from the news.” The district has remained tight-lipped about details about the incident, including the total number of victims, despite pleas from the school community for more transparency. Emsisoft threat analyst Brett Callow explains, “A massive amount of information is being posted online, and nobody is looking to see just how bad it all is. Or, if somebody is looking, they’re not making the results public.” Federal funding for school cybersecurity is limited, and Minnesota’s chief information security officer said he only received $18 million this year to spread across 3,600 different entities.
MOVEit vulnerability exploitation leads to theft of millions of insurance records.
ThinkAdvisor reports that 6 million US life and annuity insurance client records were exposed in a data breach linked to the mass-hack of the MOVEit file transfer application. The impacted insurers MOVEit to exchange data with population management firm PBI Research Services. The compromised institutions include Genworth Financial (likely the most impacted with 2.5 to 2.7 million records exposed), Wilton Re, F&G Annuities & Life, Jackson National, Talcott Resolution Life, and Corebridge Financial. It’s worth noting that the total number of impacted customers may be much smaller than the number of records affected, as some individuals may have had more than one record included in the attack. The companies say that while they are still investigating the full impact of the attack, it seems unlikely the incident will affect their operations. Jackson National stated in a filing with the US Securities and Exchange Commission, “Notably, the unauthorized actor did not gain access to any other systems or software, there was no interruption of Jackson’s business operations.” The Cl0p ransomware gang has taken credit for the hack, which has been rippling through hundreds of institutions since the discovery of the MOVEit vulnerability in late May.