The Cl0p ransomware group claimed to have gained access to financial documents and passport information belonging to students and staff at six top universities in the USA.
The group leaked proof of the stolen data online on the 29th of March. The universities included are the following:
- Yeshiva University
- Stanford University
- The University of Miami
- The University of Maryland
- The University of Colorado Boulder
- The University of California, Merced
The records leaked include screenshots revealing federal tax documents, requests for tuition remission paperwork, applications for the Board of Nursing, passports, and tax summary documents.
The leak also includes data snapshots that expose sensitive information, namely:
- Photos
- Dates of birth
- Home addresses
- Passport numbers
- Immigration status
- Names of individuals
- Social Security numbers
In detail, the ransomware group published a list of individuals and their Social Security numbers, retirement documentation, and 2019/2020 benefit adjustment requests.
The leaked data also appears to include late enrollment benefit application forms for employees and the UCPath Blue Shield health savings plan enrollment requests.
At the moment, no notification has been issued by the universities targeted by the ransomware gang.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec. Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.