A dark web user with the username “niggy” has claimed responsibility for the University of Minnesota data breach on a dark web forum.
According to the user, unauthorized access was gained to the university’s database, potentially exposing sensitive information, including over 7 million unique Social Security Numbers (SSNs). However, official confirmation of the breach is yet to be provided.
I’ve counted over 7 million unique Social Security Numbers in the data I exfiltrated, so safe to assume there’s data of at least that many people, but probably more”, reads the dark web user’s post.
To confirm the alleged University of Minnesota data breach, The Cyber Express has reached out to the university. This report will be updated once their response is received.
Amidst the University of Minnesota data breach, other organizations have also fallen victim to a new hacking group known as “cactus blog” DLS, further highlighting the growing threat of cyber attacks.
University of Minnesota data breach explained
The University of Minnesota data breach appears to have been carried out by a threat actor operating under the pseudonym “niggy.”
The hacker claimed to have exploited Computer Niggy Exploitation (CNE) to access the university’s data warehouse, containing records digitized since 1989. This database system stored valuable and sensitive information about students, faculty, and staff.
The attacker’s intentions have been driven by providing Signals Intelligence to their connections on the Fediverse. The goal was to analyze the effects of affirmative action following a recent Supreme Court ruling, using admissions data obtained from the University of Minnesota data breach.
The leaked data includes two tables in CSV format, “PS DIVERSITY” for diversity statistics and “PS_DWAD_APPL_DATA_HS” for admissions statistics. This information could be used to calculate, for example, the average ACT scores of admitted students based on their race.
The authenticity of the hacker’s claim has not been verified at this stage, leaving the university and its community anxious about the potential magnitude of the University of Minnesota data breach.
University of Minnesota data breach: The list goes on!
In addition to the University of Minnesota data breach, a new hacking group known as “cactus blog” DLS has surfaced. This group has already targeted various organizations, listing 18 victims on their dark web portal.
Among the affected entities are Americold Logistics LLC, The Wasserstrom Company, Phoenix Taxis, and many others. The extent of the data exposed and the specific motives behind these attacks are yet to be disclosed.
Here is a list of all the alleged victims following the University of Minnesota data breach:
- Americold Logistics LLC
- – The Wasserstrom Company
- – Phoenix Taxis
- – Rotomail Italia Spa
- – Reyes Automotive Group
- – Artemide
- – Novobit AG
- – Michigan Production Machining Inc
- – Italkraft
- – Imagination
- – Hawa Sliding Solutions AG
- – CWS Digital Solutions
- – ScanSource
- – Confartigianato Federimpresa FC
- – Biocair
- – American Meteorological Society🇺🇸
- – AgoraVita
- – Grupo ACA
The University of Minnesota data breach is just one of today’s data breaches targeting educational institutions.
The Cyber Express previously reported cyber attacks on multiple universities, colleges, and educational institutions. Threat actors have claimed attacks on Bluefield University, Whitworth University, Israel’s Technion University, University of Colorado, Montana State University and many more.
This emphasizes the increasing attacks targeting universities and underscores the urgency for the government and the educational sector to enhance their cybersecurity measures. The situation also brings to light the vulnerabilities of students, who are at higher risk in the event of a data breach.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.