Educause Security Discussion mailing list archives
DOE sending letters about nonpublic info disclosures from Rasputin SQLi attack
From: randy <marchany () VT EDU>
Date: Wed, 29 Nov 2017 13:03:50 -0500
We received a letter recently from the US Dept of Education telling us that information at www.recordedfuture.com indicated we had experienced a breach on nonpublic customer information and reminding us that we had to file a report with DOE. Of course, the letter had no details on the breach. After some digging, we found the article that referenced us. It's at https://www.recordedfuture.com/recent-rasputin-activity/ We were included in the list of the US universities affected by this attack. I suspect other EDUs in the last will be getting a letter from US-DOE sent your institution's president. So I thought I'd warn you guys about this new wrinkle in the Federal cybersecurity world. AND to let you know, we did NOT experience a nonpublic info breach. :-) -Randy Marchany VA Tech IT Security Office and Lab
Current thread:
- DOE sending letters about nonpublic info disclosures from Rasputin SQLi attack randy (Dec 01)