DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

A second group of threat actors has now leaked Kenosha USD data

Posted on December 13, 2022 by Dissent

Oh what a tangled web we weave….

Back in October, DataBreaches reported that Snatch Team had listed Kenosha Unified School District in Wisconsin on its dedicated leak site. By the end of the day, however, the listing had been removed without any data having been leaked.

Then in November, REvil listed KUSD on their leak site, and without any fanfare or commentary, leaked data. In response to an inquiry from DataBreaches, KUSD noted that they had disclosed a ransomware attack in September and had notified employees after an investigation determined that employee data might have been acquired.

And that’s where things remained until this week when Snatch Team re-listed KUSD on their leak site and dumped data — exactly the same data that REvil had leaked.

Listing of KUSD files leaked by REvil in October. Screenshot by DataBreaches.net
Listing of KUSD files leaked by REvil in October. Screenshot by DataBreaches.net

 

Listing of KUSD files leaked by Snatch Team in November. Screenshot by DataBreaches.net
Listing of KUSD files leaked by Snatch Team in November. Screenshot by DataBreaches.net

The files, relating to personnel, are identical.

DataBreaches reached out to Snatch Team on November 29 to ask them about the fact that REvil had leaked data from KUSD and whether both teams had collaborated somehow.  Snatch’s spokesperson responded yesterday:

We have nothing to do with Revil or any other. Based on our experience, if a company does not feel responsible to its customers for the safety of confidential information, it will lose it again and again and pretend that nothing happened.

But given that Snatch leaked data from KUSD yesterday and it’s the exact same data that REvil had leaked, DataBreaches responded:

It’s just amazing that you and REvil were both in KUSD in September? And both exfiltrated exactly the same folders and no other data? And then REvil locked them, which means you had already exfiltrated before REvil deployed the locker. How did your groups not trip over each other in there? Wild coincidence…

And that’s where I think we’ll have to leave this one for now because it sounds like some affiliate may have worked with both groups or someone sold the same access to both groups around the same time. In any event, KUSD has notified those it knows was affected.

Related posts:

  • At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
  • Developing: Data purportedly from Kenosha Unified School District shows up on dark web
Category: Breach IncidentsCommentaries and AnalysesEducation SectorMalware

Post navigation

← Most of the 10 largest healthcare data breaches in 2022 are tied to vendors
IN: Munster student gained access to school network and student information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report