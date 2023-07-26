NACOGDOCHES — The vast majority of documents stolen from Stephen F. Austin State University in a June cyberattack have been sold while the rest have been leaked on the dark web, the hackers behind the attack said this week.
Around 95% of the 1.2 terabits of data that the international hacking group Rhysida says it stole from the university sold “to our regular customers,” the organization said in an email.
“Now their fate does not depend on us, and what will happen to their data is not our concern,” a representative from Rhysida said in the email.
Rhysida did not say how much money they received for the data, but it was initially listed for 30 Bitcoin — around $900,000.
Around 47 gigabytes of data containing nearly 30,000 files was not sold and was leaked on the dark web for “data hunters,” according to the hacking group’s website.
“Based on our review of the files that were taken, we identified certain files with personal information, including approximately 100 individuals’ government-issued identification numbers and approximately 8,600 counseling records,” said Graham Garner, chief marketing officer for SFA and the university’s spokesman.
Rhysida in a series of emails to The Daily Sentinel has frequently accused the university of lying about the scope of the attack.
“Unfortunately, the university representatives did not take the chance to save their honor and dignity and continued to lie to you about the fact that we have documents for no more than 100 people,” the group said in its latest email.
The university is offering one year of credit monitoring and identity theft protection to people whose identifying information were stolen, Garner said.
“SFA is mailing letters to individuals whose information was involved. The letters include steps individuals can take to help protect their information,” Garner said.
SFA was able to identify “a few departmental servers” that were accessed during the cyberattack that is believed to have taken place between June 10 and 12, Garner previously said.
Some of the stolen data included passports, driver’s licenses and Social Security numbers.
The university was given an option to buy back its stolen data, the hackers said.
“I would also like to inform you that in the process of negotiations the university offered only 300 thousand dollars for its irresponsible storage of personal data of staff and students,” the group said in an email.
Investigators and cybersecurity specialists “may have negotiated,” Garner said, but had no “intent to actually pay criminals.”
The FBI and other agencies discourage paying ransoms after cyberattacks.
Rhysida first reached out to The Daily Sentinel June 22, when it leaked 28 files mostly dated between August and December 2022. Some went back as far as 2013.
University Police Department files, W-9 and contractor applications and passport documents were included in the stolen documents. Two days later, the group leaked 11 documents it said it stole from Lumberton ISD during the same time period as the SFA attack.
The attack has spawned a large-scale investigation from SFA’s informational technology department, other cybersecurity experts and law enforcement agencies including the FBI.
FBI officials in Dallas have declined to comment, citing the ongoing investigation.
Nacogdoches Daily Sentinel staff writer Andrew Hodge contributed to this report.
