St. Joseph’s College of Maine over the weekend confirmed that it notified 126,580 people of a December 2023 data breach that compromised SSNs and other private data. Ransomware gang Clop claimed responsibility for the breach in March 2024. Something to note is that it took the school more than a year after discovering the breach to notify victims.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. Its latest wave of claims mostly involve exploiting vulnerabilities in the Cleo file transfer software, which is used by many organizations. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, it demands ransoms solely in exchange for not selling or publishing stolen data.”
“Clop claimed some of the largest ransomware attacks to date, including those on Fortra (GoAnywhere) and MOVEit (Ipswitch). Those two attacks alone breached about 102 million records.”
“In 2025 so far, Clop claimed one confirmed attack on manufacturing company Uniek. The group claimed another 331 unconfirmed attacks this year that haven’t been acknowledged by the targeted organizations. Most of those claims stem from the Cleo vulnerability exploit.”
“Comparitech researchers logged 124 confirmed ransomware attacks on US schools colleges, and other educational institutions in 2023, compromising more than 3 million records. 2024 saw a dip with 72 such attacks compromising 2.5 million records. In 2025 so far, we have tracked 10 confirmed attacks on US schools. The average ransom is just under $700,000.”
“Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.”
The fact this is coming out a year later means that victims have no hope of even attempting to protect themselves. That’s because their data is likely already out there. That’s rally bad as 126K people are guaranteed to be repeated victims through no fault of their own. And that really sucks.
Like this:
Like Loading...
Related
This entry was posted on March 24, 2025 at 3:13 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
St. Joseph’s College of Maine notifies 126K people of data breach via Clop ransomware
St. Joseph’s College of Maine over the weekend confirmed that it notified 126,580 people of a December 2023 data breach that compromised SSNs and other private data. Ransomware gang Clop claimed responsibility for the breach in March 2024. Something to note is that it took the school more than a year after discovering the breach to notify victims.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. Its latest wave of claims mostly involve exploiting vulnerabilities in the Cleo file transfer software, which is used by many organizations. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, it demands ransoms solely in exchange for not selling or publishing stolen data.”
“Clop claimed some of the largest ransomware attacks to date, including those on Fortra (GoAnywhere) and MOVEit (Ipswitch). Those two attacks alone breached about 102 million records.”
“In 2025 so far, Clop claimed one confirmed attack on manufacturing company Uniek. The group claimed another 331 unconfirmed attacks this year that haven’t been acknowledged by the targeted organizations. Most of those claims stem from the Cleo vulnerability exploit.”
“Comparitech researchers logged 124 confirmed ransomware attacks on US schools colleges, and other educational institutions in 2023, compromising more than 3 million records. 2024 saw a dip with 72 such attacks compromising 2.5 million records. In 2025 so far, we have tracked 10 confirmed attacks on US schools. The average ransom is just under $700,000.”
“Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.”
The fact this is coming out a year later means that victims have no hope of even attempting to protect themselves. That’s because their data is likely already out there. That’s rally bad as 126K people are guaranteed to be repeated victims through no fault of their own. And that really sucks.
Share this:
Like this:
Related
This entry was posted on March 24, 2025 at 3:13 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.