DOE sending letters about nonpublic info disclosures from Rasputin SQLi attack

[randy <marchany () VT EDU>]

We received a letter recently from the US Dept of Education telling us that
information at www.recordedfuture.com indicated we had experienced a breach
on nonpublic customer information and reminding us that we had to file a
report with DOE. Of course, the letter had no details on the breach. After
some digging, we found the article that referenced us. It's at

https://www.recordedfuture.com/recent-rasputin-activity/

We were included in the list of the US universities affected by this
attack. I suspect other EDUs in the last will be getting a letter from
US-DOE sent your institution's president. So I thought I'd warn you guys
about this new wrinkle in the Federal cybersecurity world.

AND to let you know, we did NOT experience a nonpublic info breach.  :-)

-Randy Marchany
VA Tech IT Security Office and Lab