Vice Society Hacks Another School
Table of Contents
- By Steven
- Jan 09, 2023
Vice Society is a Russian ransomware group that targets public and private education systems. The group was responsible for the Los Angeles Unified School District (LAUSD) hack, which affected more than 300,000 teachers and students from LA. They were also behind various hacks and breaches that left multiple colleges and universities crippled through 2021 and 2022. Xavier University has been added to the group’s ever-growing list of schools.
How Did the Attack Occur?
Xavier University, a private Christian university in New Orleans, Louisiana, discovered the breach when encryption struck its systems. The school immediately contacted a third party to investigate the data breach, as the school’s goal was to keep students and staff safe.
What Information Was Viewed or Stolen?
There were both students and staff affected by the breach. Vice Society claimed the breach and alleged to have leaked the information – stolen in mid-November – on December 20, 2022. The details included social security numbers, payroll, personal finances, disciplinary actions, and misconduct allegations. It is unclear whether or not the information Vice Society posted is actually from Xavier University or if the claim of the breach is a bluff. Still, considering how many other schools the group has victimized, it is safe to assume it’s accurate.
How Did Xavier University Admit to the Breach?
Xavier University admitted to the breach by emailing staff and students on December 22, 2022. The university has been reached for comment by various news sources but has yet to make an official statement about the breach, encryption, or Vice Society’s claim on the breach. However, the email sent to students and faculty explained that the breach was described as an “encryption event.” The Univesity’s president, Reynold Verret, signed the emails, saying, “We have since learned that malicious actors claimed to have stolen personal information from students and employees during the event.”
What Will Become of the Stolen Information?
Unfortunately, we are already seeing that the information is being released. It is unclear whether or not Vice Society will sell the information or if it will give it to the general public – or at least the dark web’s equivalent. Something we wouldn’t generally think of is that most people would rather their information be sold than given away. If a hacker is selling the information, fewer people will access it, keeping you safer in the long run.
What Should Affected Parties Do in the Aftermath of the Breach?
After a breach like this, people can take several steps to protect themselves. Whether you were victimized or not, there are always steps to take to make yourself safer. We recommend investing in credit and device monitoring. You can also invest in identity monitoring services and dark web monitoring. That way, should any of your personal data wind up somewhere it shouldn’t be, you get a notification that lets you change passwords and update your information immediately. You should also update passwords that have not been changed in the last three months to keep everything as protected as possible.