Lee University in TN this week confirmed it notified 136,928 people of a March 2024 data breach that compromised the following personal info: names, Social Security numbers, government-issued ID numbers (e.g. driver’s license, passport), financial info including credit and debit card numbers, and medical info.
Ransomware gang Medusa in April 2024 claimed responsibility for the breach, saying it stole nearly 388 GB of data from the school. Medusa demanded $1 million in ransom.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data.”
“In 2024, Medusa claimed responsibility for 66 confirmed ransomware attacks affecting 2.4 million records. Its average ransom demand is $590,000. This attack on Lee University is Medusa’s second largest to date by number of records compromised, following the 1.8 million records impacted in the group’s attack on Summit Pathology.”
“Ransomware attacks are a growing threat to schools and colleges worldwide. They take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data. Schools must either pay a ransom or face extended downtime, data loss, and putting students and staff at increased risk of fraud.”
Schools along with hospitals are easy targets for ransomware gangs. What needs to happen is that these sectors need to get the funding that will allow them to better defend themselves. The problem is that this funding isn’t coming. So you’ll be seeing me write stories about organizations in these sectors getting pwned until that changes.
Related
This entry was posted on April 11, 2025 at 12:42 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Lee University notifies 137K people of data breach compromising SSNs
Lee University in TN this week confirmed it notified 136,928 people of a March 2024 data breach that compromised the following personal info: names, Social Security numbers, government-issued ID numbers (e.g. driver’s license, passport), financial info including credit and debit card numbers, and medical info.
Ransomware gang Medusa in April 2024 claimed responsibility for the breach, saying it stole nearly 388 GB of data from the school. Medusa demanded $1 million in ransom.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data.”
“In 2024, Medusa claimed responsibility for 66 confirmed ransomware attacks affecting 2.4 million records. Its average ransom demand is $590,000. This attack on Lee University is Medusa’s second largest to date by number of records compromised, following the 1.8 million records impacted in the group’s attack on Summit Pathology.”
“Ransomware attacks are a growing threat to schools and colleges worldwide. They take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data. Schools must either pay a ransom or face extended downtime, data loss, and putting students and staff at increased risk of fraud.”
Schools along with hospitals are easy targets for ransomware gangs. What needs to happen is that these sectors need to get the funding that will allow them to better defend themselves. The problem is that this funding isn’t coming. So you’ll be seeing me write stories about organizations in these sectors getting pwned until that changes.
Share this:
Like this:
Related
This entry was posted on April 11, 2025 at 12:42 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.