Mercer University breach exposed nearly 100K people


Mercer University, a US-based private research school, was hit by the Akira ransomware gang, with criminals accessing the personal data of over 93,000 people.

The university noticed unauthorized access to its servers on April 5th, 2023, only to learn that attackers had roamed its systems for nearly two weeks in early February.

According to a breach notification letter sent out to victims whose data might have been exposed, Mercer launched an investigation and promptly informed law enforcement agencies when the breach was discovered.

“On April 30th, 2023, we discovered that some of these files may have included at least one record that contained your name, in combination with your Social Security number and/or driver’s license number,” the university said.

Mercer listed on Akira's blog. Image by Cybernews.

According to the information Mercer provided to the Maine Attorney General, the data breach impacted over 93,000 people. Exposed Social Security numbers (SSNs) or other ID documents pose a serious risk to users, as attackers can leverage the data to commit fraud.

Attackers could use the stolen data for identity theft, phishing attacks, opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

Earlier this year, the Akira ransomware gang posted Mercer on the gang’s dark web blog, used to showcase its latest victims. The gang posted stolen data, saying that Mercer refused to pay the ransom.

Established in 1833, Mercer University is based in Macon, Georgia, and boasts over 9,000 students. It’s considered among the best in the Southern US, with Mercer’s financial endowments surpassing half a billion dollars in 2021.

Meanwhile, Akira is a new ransomware family, first discovered in the wild in March of this year. The gang takes its name from a Japanese cyberpunk manga of the same name. According to Sophos researchers, up until early May, the gang has posted fewer than 20 victims on its dark web blog.
