This hack happened in early August, according to ABC13's reporting partners, but the university is staying tight-lipped with no statements or acknowledgement of the incident to be found on the university website or social media pages. A spokesperson briefly spoke with ABC13 reporter Lileana Pearson and said the university is working on a statement. For now, they say they want the public to know this is an ongoing investigation, which they take seriously.
Big figure pay-outs, investigations into conduct, and personal banking information, that's what ABC13's partners at the Houston Chronicle said are included in the vast University of St. Thomas data breach.
ABC13 spoke to Eric Devlin, a computer forensic examiner with the Lone Star Forensic Group. He said higher education institutions are one of the most targeted groups when it comes to cyber crimes like this.
"They have large numbers of information. They have social security numbers, they've got bank accounts, billing information, they've got all types of interesting information to obtain," Devlin said.
According to cybersecurity firm Sopho, its 2023 survey of over 200 higher education institutions found that half of the institutions caught in a cybersecurity incident paid a ransom. Devlin said it is often cheaper to pay a ransom than to hire a professional to try and recoup the stolen or locked information, but he noted that paying doesn't mean getting access back.
"Sometimes, they don't always have the keys to this, so your really good sophisticated hacker will have the keys to it and be able to do it, but they may not want to give you the key," Devlin said.
The Chronicle reports that the university has not said if a ransom was asked for or paid, though some university services like BlackBoard and email are back online.
Devlin said that whether your information is linked to a company, university, or other organization, it's always a best practice to make sure you're protecting yourself. He says the best way to do that is to have strong passwords.
"If you really want to be good on an iPhone or an Android, you use what is called an alphanumeric password. It's a combination of letters, numbers, and symbols, and a minimum length of about 6 to 8 characters," Devlin said.
For more news updates, follow Lileana Pearson on Facebook, X and Instagram.