DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Stratford University discloses ransomware attack — but which ransomware attack?

Posted on January 27, 2023 by Dissent

In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker.  Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the multiple claimed attacks.

DataBreaches’ report on Stratford University was published on September 8. At some later date, the school announced it was closing at the end of that term. The closure was reportedly not related to cyberattacks but to accreditation issues and finances that had arisen in August.

Stratford University has filed a breach notification with the Maine Attorney General’s Office. The report indicates that the breach occurred on August 26, 2022.

The appended notification letter, submitted to Maine appears to be reporting a single ransomware attack. There is no mention of attacks by multiple groups or data leaks by various bad actors. So which attack were they reporting?

REvil’s attack had been disclosed by REvil back in April of 2022. Snatch Team added their attack to their own leak site on August 17, presumably before the attack Stratford reported as occurring August 26.  On January 15, 2023, Snatch Team dumped more than 50 GB of files from the school on their leak site. And  Avos Locker started leaking the school’s data on September 7.  So was it the Avos attack the university reported last week?  And if so, were the other attacks ever disclosed to students or employees or to regulators?

The personal information obtained in the August attack reportedly included first and last name, phone number, address, email address, date of birth, student identification number, passport number, and Social Security number.

Stratford reported that a total of 78,692 individuals were affected. Presumably that is for the one incident they reported.

Although the university is now closed, a breach notice is linked from their home page.

DataBreaches sent an email inquiry to the university’s external counsel to inquire about the report to Maine and whether all three attacks were ever disclosed. No reply was immediately received. This post will be updated when a reply is received.

Category: Breach IncidentsCommentaries and AnalysesEducation SectorMalwareOf NoteU.S.

Post navigation

← Lutheran Social Services of Illinois notifies 184,183 of ransomware attack one year ago
Zacks Investment Research notifies 820,000 clients →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.