Share this article on:
Breaking news and updates daily. Subscribe to our Newsletter
After suffering a ransomware attack nearly a fortnight ago, for which it declined to pay a ransom, Ireland’s Munster Technological University has had the personal details of some of its staff and students posted online.
The data — all 6GB of it, including bank account details and medical information — was posted on the weekend by the BlackCat ransomware group.
MTU was forced to cancel classes after IT and communications were disrupted across its four campuses in Cork after the initial attack, which took place on the weekend of 4 February. The incident was reported by the university on 7 February.
During the rest of the week, MTU worked with law enforcement, the National Cyber Security Centre, and the Data Protection Commission to investigate the incident, and admitted on 8 February that it was, in fact, a ransomware attack.
“The incident resulted in the encryption of certain MTU systems for the purpose of demanding a ransom,” the MTU wrote. “The nature and extent of this incident, including what data may have been breached, remains under investigation. Students and staff do not need to take any action at this time and MTU will notify any affected individuals in line with our data protection obligations.”
The next step the university took was to secure a High Court injunction against the publication or possession of the exposed data. It may seem a curious move, and one unlikely to sway the hackers (which it most certainly did not), but it does stop any other third party from sharing the data.
“MTU will seek to enforce that injunction as far as possible,” the university said on 10 February. “To that end, MTU has engaged specialist services to closely monitor the internet for any possible leak of data.”
Classes returned to campus on the 13th this week, after the data was released.
“We are continuing to review and investigate the incident and, in particular, the release of data on the ‘dark web’ so that we can provide any persons affected by this incident with further updates and guidance where necessary and as soon as practicable.”
The incident serves as an insight into the timeline of such breaches, how organisations respond and report them, and, of course, the consequences.
Comments powered by CComment