DePauw University warns of data breach as ransomware attacks on colleges surge

DePauw University warned students this week that their personal information may have been accessed by hackers who attacked the school.

The school newspaper reported that on November 27, current and prospective students were sent letters notifying them of a data leak and providing them with one year of free identity protection services.

The liberal arts school — which is in Greencastle, Indiana, and serves about 1,700 students — published its own advisory about the incident. IT officials said they detected the cyberattack on October 31 and worked with federal law enforcement agencies as well as cybersecurity experts to investigate the incident.

“Although the investigation is ongoing, the preliminary investigation has revealed that a limited amount of data on specific individuals was accessed. Those individuals whose data was compromised have received a notification via mail and we will provide them with resources to protect their identity,” they said.

“We regret the impact this incident has had on our community, and we are reviewing all our current security protocols and adding additional measures to enhance security as needed.”

The school added that the reason it had the information was because it “maintains certain personal information for standard enrollment and administrative purposes.”

Officials did not say what information was accessed and did not respond to requests for comment.

This week, the Black Suit ransomware gang said it was behind the attack, claiming to have stolen 214 GB of data.

Black Suit has listed DePauw University. #ransomware 1/ pic.twitter.com/B3AkAdQUQy

— Brett Callow (@BrettCallow) November 30, 2023

The public became aware of the attack on November 1, when the campus internet went down. Students lost access to campus printers, email, the internet and the university network.

The attack on DePauw University adds yet another school to the lengthy list of educational institutions attacked by ransomware gangs this year. Emsisoft ransomware expert Brett Callow said at least 76 post-secondary schools have been impacted by ransomware so far in 2023, far outpacing the 44 colleges and universities attacked in 2022.

Allan Liska, a threat intelligence analyst at Recorded Future, said there are a variety of reasons why attacks on universities and colleges increased this year. The Record is an editorially independent unit of Recorded Future.

“There are definitely more reporting requirements for schools than in the past, but I do think the attacks on schools are driven by the increased number of ransomware groups out there, combined with the fact that schools are seen as an ‘easy target,’” he said.

“There are also certain ransomware groups that like to target schools specifically.”

Some ransomware groups almost exclusively target schools, like Rhysida and LostTrust.

Liska said he was also seeing a stark increase in attacks on all types of schools worldwide, including K-12, colleges and universities.

Overall, he has tracked 246 of those ransomware attacks in 2023, up from 189 attacks last year.