Ransomware attack on leading Georgia art college leads to data leak

Savannah College of Art and Design (SCAD) — an acclaimed art school in the U.S. serving more than 15,000 students — suffered a ransomware attack that leaked the sensitive information of hundreds of people. 

A spokesperson for the school told The Record that it recently discovered a hacker had gained access to SCAD’s information network systems. 

The school hired third party cybersecurity experts who isolated the incident and launched an investigation. Law enforcement has been notified and is working with cybersecurity experts on the investigation, they said.

“Due to the university’s early detection and rapid response, the incident had no operational impact to the university,” a spokesperson said. “After a forensic investigation, SCAD has reason to believe that a limited number of files containing personal information of certain current and former students and employees were accessed by the unauthorized actor responsible for the incident.” 

The school said it has already notified all of the people who had information accessed during the attack and has provided them with ways they can protect themselves. They did not say what information was accessed. The college was ranked the top art school in the U.S. last year by Art & Object and says it has students from 120 countries. 

This weekend, the AvosLocker ransomware group added SCAD to its leak site, giving the school a two week deadline to pay an undisclosed ransom. 

The group claims to have stolen a database of phone numbers, email addresses and more. Experts at DataBreaches.net examined the data leaked by AvosLocker and found that the group managed to take at least 69,000 files that contained student information, personnel files and business data. 

This included passports, bank statements, disciplinary files and other documents that had Social Security numbers, according to DataBreaches.net. The ransomware group told the website that SCAD allegedly negotiated with them for an undisclosed ransom but did not end up paying.  

The AvosLocker gang updated its leak site in October 2021 and created a system allowing them to auction off stolen data from organizations that refuse to pay ransoms.

Emsisoft threat analyst and ransomware expert Brett Callow said SCAD is the 24th U.S. college or university hit with ransomware in 2022. Throughout 2021, Emsisoft tracked 26 total ransomware attacks on colleges and universities in the U.S. 

Ohlone College, Savannah State University, University of Detroit Mercy, Centralia College, Phillips Community College of the University of Arkansas, National University College, North Carolina A&T University, Florida International University, Stratford University are just a few of the U.S. schools attacked with ransomware this year.

The FBI said in May that Russian cybercrime forums are teeming with the network credentials and virtual private network accesses of employees from U.S. colleges and universities. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.