Data Breach Exposes Sensitive Information of Riverdale Country School Students, Parents, and Faculty
Ransomware Attack
A notorious group of cybercriminals, known as RansomHub, has published the sensitive data of an elite private school in the Bronx after infiltrating the school’s computer system with malicious ransomware. The stolen data, which includes biographical information, contact information, and personal medical information, was posted on the dark web and is available for download for free.
Data Leak
The leak was announced on February 20, when RansomHub announced that it had stolen Riverdale Country School’s data and posted a countdown clock, giving the school just over five days to meet its demands. After the clock ran out, RansomHub published the 42 GB of data to its darknet website, updating the post to read "Published" in green letters.
Consequences of Data Breach
The leaked data has been viewed over 4,000 times as of March 5, and cybersecurity experts warn that the sensitive information may be used for nefarious purposes. Luke Connolly, a cybersecurity threat analyst with Emsisoft, notes that publishing the data was a strong indication that the school had not complied with the crime organization’s demands, in line with Federal Bureau of Investigation guidance for ransomware victims.
Paying Ransom is Not the Solution
Connolly also emphasizes that paying the ransom is not the solution, as it only perpetuates the problem. "If you pay the ransomware, you’re supporting their criminal activities and supporting their attempts to find further victims down the road," he said.
Regulation and Protection
The need to protect client and user data remains a key priority in both state and federal policy. Laws such as the Family Educational Rights and Privacy Act (FERPA) and New York’s Part 121 2-d of the Regulations of the Commissioner of Education regulate the unauthorized release of personally identifiable information. However, these protections primarily apply to schools receiving federal funding, leaving many private institutions outside their scope.
Recent Incidents
Riverdale Country School is just one of many schools where personally identifiable information has been stolen recently. In fact, a major software company specializing in School Information Systems called Power Schools was attacked with ransomware in late December, compromising the data security of schools all over the country, including in New York State and prompting at least one class action lawsuit.
Conclusion
The recent data breach at Riverdale Country School serves as a stark reminder of the importance of protecting sensitive information and the risks associated with ransomware attacks. As the world becomes increasingly digital, it is essential to prioritize cybersecurity and implement robust measures to prevent data breaches.
FAQs
Q: What happened to the data?
A: The sensitive data of Riverdale Country School students, parents, and faculty was stolen and published on the dark web.
Q: Who is responsible for the data breach?
A: A notorious group of cybercriminals, known as RansomHub, is responsible for the data breach.
Q: What information was leaked?
A: The leaked data includes biographical information, contact information, and personal medical information.
Q: What is the impact of the data breach?
A: The leaked data has been viewed over 4,000 times, and it may be used for nefarious purposes.
Q: What is the solution to prevent data breaches?
A: Implementing robust cybersecurity measures, such as regular data backups and updates, is essential to prevent data breaches.
