Pacific Union College Acknowledges Ransomware Attack, but Denies Data Breach Despite Hackers’ Claims | Console and Associates, P.C. | #ransomware | #cybercrime

On May 3, 2023, Pacific Union College (“PUC”) posted a data breach notice on its website after confirming that an April 2023 “cybersecurity issue” turned out to be a ransomware attack. More recently, databreaches.net spoke with the ransomware group responsible for the attack, confirming that the incident resulted in the personal information of current and former students and faculty, donors, and parents being leaked. Despite this, PUC recently claimed that there is no evidence that personal information has been compromised. It appears that PUC is still in the process of investigating the breach. Once the College completes its investigation, it will be required to provide a data breach letter to anyone whose information was leaked as a result of the recent ransomware attack.

If you receive a data breach notification from Pacific Union College, it is essential you understand what is at risk and what you can do about it. While data breach letters have not yet been sent out by PUC, possible victims of the breach should immediately take steps to secure their confidential information. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Pacific Union College data breach, please see our recent piece on the topic here.

What We Know So Far About the Pacific Union College Breach

News of the Pacific Union College data breach is still fresh; however, what we know at this point comes from the two short posts on PUC’s website, as well as a report by databreaches.net. According to these sources, on April 7, 2023, PUC posted notice of a “cybersecurity issue” that impacted the school’s internal networks, phone systems, and web services.

Several weeks later, on May 3, 2023, PUC posted an update explaining that it confirmed the cybersecurity issue was due to a recent ransomware attack. However, in the same post, PUC notes that there was no evidence that any personal information was compromised.

Meanwhile, databreaches.net reached out to the Trigona ransomware group, which took credit for the attack. A representative of the group explained that they were able to remove 120 GB of data, including employees’ and students’ personal information. This includes names, addresses, dates of birth, full Social Security numbers, criminal history, marital status and more.

The Trigaona ransomware group’s representative also indicated that it had been in negotiations with PUC for about a month before negotiations terminated. Trigona is unique from other ransomware groups in that it often privately sells data if an organization doesn’t pay a ransom. This can make it difficult to impossible for the organization to determine what information was leaked because it isn’t publicly available.

It remains to be seen how PUC will handle the breach from this point forward. However, once the College confirms that personal information was removed from its computer network, it will be required to send out data breach letters to all individuals whose information was compromised as a result of the recent ransomware attack.

More Information About Pacific Union College

Originally founded as Healdsburg Academy in 1882, Pacific Union College is a private liberal arts college located in Angwin, California. PUC offers approximately 60 undergraduate majors and three master’s programs, which are organized in 25 academic departments. Pacific Union College is affiliated with the Seventh-Day Adventist Church and is the only four-year college in Napa County, California. Pacific Union College employs more than 400 people and generates approximately $32 million in annual revenue.

Source link

How can I help you?
National Cyber Security