Hackers rang in the New Year by looting French universities


Two French universities have been attacked during the festive season. The attackers allegedly walked away with the data of thousands of students.

The University of Lille and the Grenoble École de Management were reportedly targeted by a cyberattack this week.

The names of both schools appeared on an infamous hacker forum on December 29th, potentially exposing thousands of students.

The recent attacks add to what has been a challenging year for France on the cyber front, as it is still recovering from the attacks on its Ministry of the Interior.

Cyberattacks on universities mirror a broader trend seen across the Atlantic, where elite academic institutions, such as Columbia, Yale, and Harvard, all experienced cyber incidents this year.

How much data was stolen from Grenoble Ecole de Management?

In one of the posts, an attacker codenamed CZX claims to have breached the Grenoble Ecole de Management systems in November, exfiltrating sensitive data and potentially affecting over 400,000 individuals.

Situated in the capital of the French Alps, Grenoble Ecole de Management serves over 7,000 students.

According to the listing on the forum, the 1.35GB of stolen data includes:

  • Names
  • Emails
  • Phone numbers
  • Postal addresses
  • Academic backgrounds
  • Professional information
  • Event participation statuses
  • Internal segmentation
  • Opt-in / opt-out information of subscribers
  • IP addresses

The Cybernews research team has investigated the data files provided by the attacker, and they appear to be an exfiltrated mailing list taken from a CRM or marketing system.

The emails in the data sample include students as well as outsiders, who are potentially newsletter subscribers or leads. The attacker has previously posted about other French companies and institutions that they allegedly breached.

Cybernews has reached out to the affected school for confirmation, but a response has not yet been received.

[Screenshot by Cybernews: Grenoble Ecole de Management data breach]

Data breach at one of France’s biggest universities

On the same day, another well-known cybergang, the LAPSUS$ Group, bragged about hacking one of the most prominent French universities, located in Lille and serving over 80,000 students.

The post claims that the gang stole:

  • Internal identifiers (NIP)
  • Names
  • Dates of birth
  • Postal addresses
  • Personal and professional emails
  • Phone numbers
  • Administrative data

The Cybernews research team checked the dumped dataset, and it appears that the breach affected nearly 2,000 students. The university responded to Cybernews that the claims involve old data.

LAPSUS$ is a known name in the cyber underground. This year, the group merged with Scattered Spider and Shiny Hunters, forming Scattered LAPSUS$ Hunters.

Identified by Google threat researchers in June, the gang is believed to be responsible for a series of Salesforce attacks that impacted prominent cybersecurity companies, including Palo Alto Networks, Cloudflare, and Zscaler. The trio also claimed breaches at Dell, Verizon, Telstra, Lycamobile, and Kuwait Airways.

Shortly after, the trio declared that it was ceasing its activities because it had “achieved its goals of exposing weaknesses in digital security.”

However, security researchers believe this is a maneuver to reorganize after recent arrests.

[Screenshot by Cybernews: University of Lille]

Students at risk

If the claims about the recent attacks on French universities prove to be legitimate, students might be at risk.

“What we're seeing here are two breaches with remarkably similar exposure patterns. In both incidents, the fundamental contact information is compromised, such as names, email addresses, phone numbers, and residential addresses,” our researchers explained.

“However, the Université de Lille breach does present an additional concern. The exposure of dates of birth alongside that other personal information significantly elevates the threat profile, increasing risk of identity theft.”

French institutions attacked

Just a couple of weeks ago, attackers boasted of accessing France’s Ministry of the Interior (Beauvau) and compromising several sensitive systems it controls. The ministry has confirmed that it suffered a cyberattack and has since arrested a suspect.

In November, the French division of Eurofiber suffered a data breach in which some customer information was exfiltrated.

According to the company’s announcement, the attackers managed to gain access to the ticket management platform used by Eurofiber France and its regional brands, including Eurafibre, FullSave, Netiwan, and Avelia.

Columbia, Yale, and Harvard all breached this year

In October, the cybercrime group Cl0p successfully exploited a critical zero-day bug in Oracle’s E-Business Suite, which led to the alleged compromise of hundreds of companies and organizations.

Among the victims was Harvard University. According to Cybernews researchers, Cl0p has shared 1.4TB of data on its leak site on the Dark Net.

The published data includes logs and reports from Harvard’s internal payment system as well as source code for various internal tools.

In August, Columbia confirmed a data breach to authorities, which exposed the personal details of nearly 900,000 individuals who either attempted to enroll at the university or studied there.

In April, a ransomware gang targeted a hotel chain serving Yale University. According to the attackers’ claims, private confidential data, client documents, and financial information were stolen.

