40k Students Personal Info Compromised In Cyberattack

Students and staffers at Xavier, an HBCU in Louisiana, recently found out hackers have their information.

02.16.23
40k Students Personal Info Compromised In Cyberattack (@xula1925 via Instagram)

Baltimore, MDXavier University of Louisiana (XULA), an HBCU based in New Orleans, suffered from several cyberattacks dating back to November of last year, however this month it was revealed that over 40,000 students and employees' information were compromised.

In the original attack, the school began experiencing a network disturbance later described by XULA’s president as an “encryption event.” The president of the university, Reynold Verret, notified the intuition that there would be “​​an investigation with the assistance of outside cybersecurity experts.”  XULA filed with the office of Maine’s attorney general. Verret stated, "we have since learned that malicious actors claimed to have stolen personal information from students and employees during the event,” in an email that was sent out to the study body and faculty. 

On Jan. 24 after the university worked with cybersecurity experts, it was revealed that “the investigation determined that student and vendor personal information may have been acquired without authorization during the incident.”

The university is also notifying students and employees who they believe may have sensitive information leaked. The data breach this week involved Social Security numbers and other personal information from 44312 people in their system according to their claim with Maine’s Attorney General.

Vice Society, a ransomware gang, is known for leaking private information belonging to schools. According to govtech.com Vice Society “leaked sensitive personal data belonging to Xavier University students and employees, apparently, after university officials refused to meet their demands.” The ransomware gang originally made a threat on Dec. 20. Brett Callow, a threat analyst with the cybersecurity firm Emsisoft who monitors ransomware attacks explained that other information such as payroll and personal finances could be leaked as well. 

Vice Society, which appears to begin cyberattacking schools in the summer of 2021, is also responsible for stealing “500GB of files containing Social Security numbers, passport details, student psychological assessments and other information” from the Los Angeles Unified School District.

According to cybersecurity.com, “at least 44 universities or colleges and 45 U.S. school districts were hit by ransomware attacks in 2022.” This is the act where schools are threatened to have private information hacked and published to the dark web if they do not pay the hackers the designated amount. 

The number of schools being affected by cyberattacks continues to grow, “data breaches reached an all-time high in 2021; up 68 percent from the previous year.” HBCUs have been experiencing data breaches at a higher rate as well, just last year North Carolina A&T University also was a victim of ransomware.  

XULA, America's only historically Black catholic university, is looking forward to further investigating the breach and restoring security to its system. The university is also offering all individuals whose information was involved 12 months of complimentary services through Experian, which includes credit monitoring, dark web monitoring, $1 million identity fraud loss reimbursement policy, fully managed identity theft recovery services, and 90 days access to a call center.

Support the Next Generation of Content Creators
Invest in the diverse voices that will shape and lead the future of journalism and art.
donate now
Support the Next Generation of Content Creators
Invest in the diverse voices that will shape and lead the future of journalism and art.
donate now