Not a lot of detail here, but these things are never good.
More than a week after Stephen F. Austin State University was hit with a cyberattack, leaders at the public university in the East Texas Pineywoods are still working to fully restore email and other online services for the 11,600-student campus.
University spokesperson Graham Garner confirmed Tuesday that the Federal Bureau of Investigation is looking into the incident, which occurred about 10 days ago, but did not provide any additional details. In a statement, a spokesperson for the FBI Dallas field office confirmed the investigation but declined to provide more information about the investigation.
While the university has restored access to the internet and the university’s online teaching portal, students and faculty say the hack has caused serious disruptions, especially for students taking summer courses.
The university said the cyberattack occurred sometime between June 10-12. Once it was discovered, the school cut off internet access to stop any further breaches to its system.
Since then, the University of Texas System has helped SFA investigate and respond to the attack. SFA is in the midst of joining the UT System after the Texas Legislature recently approved legislation allowing the independent university to join the UT system.
Garner said SFA police are working with the FBI on the investigation. He said the university has not found evidence that any personal or sensitive financial information was accessed in the breach. The attack also appears unrelated to a ransomware attack from a Russian group that hit multiple federal agencies, U.S. companies and state governments.
The Russian group behind the ransomware attack cited in the story is not the same as the Russian group involved in the Dallas ransomware attack. There wasn’t much coverage of the SFA attack when it happened, and I can’t tell what we’re talking about because the reporting is so vague, most likely because SFA gave out very limited information about it. Ransomware? Other malware? Data exfiltration? Files/websites/other systems defaced or trashed? I have no idea. It would be nice to get some kind of final report with clear information, but I don’t know that there’s any requirement for SFA to provide that to anyone other than its own internal stakeholders. That might be fertile ground for future legislation, but if so I sure hope it comes with more funds to protect the various public institutions that are being victimized by these attackers. We do still have a lot of that surplus left, you know.