Is it me or is it getting foggy around here?
We mentioned last week that Fog had started making a number of claims following its alleged theft of GitLab source code… but as the mist accumulated on these claims, the gloom started to form somewhere else as well–the education sector.
This week, it added Aurora Public Schools (US) and The University of Notre Dame Australia to its data leak site after both entities noted cyber attacks in January of this year. In the case of Aurora, 171 GB was allegedly stolen, while 62.2 GB was taken from The University of Notre Dame Australia.
The University of Oklahoma was a victim of Fog ransomware in January, too.
In today’s class, we’ll learn about the biggest threat to our IT systems
Unfortunately, Fog isn’t the only gang targeting the education sector. In the last week, we’ve seen multiple ransomware claims, attacks, and retrospective data breach notifications, including:
- Crystal Lake Elementary District 47 – notifying 14,207 of a breach following an attack via RansomHub in October 2024
- Community High School District 117 – notifying 18,830 of a breach following an attack via BlackSuit in June 2024
- Harrison County Board of Education – hit by SafePay in January 2025
- University of The Bahamas – hit this month by an unknown group
- Muscogee County School District – notifying employees of a breach following an attack by SafePay in December 2024
- CESI – the French engineering college was targeted by Termite this month
So far this year, we’ve noted 10 confirmed and 34 unconfirmed attacks on the education sector (worldwide).
Employee loneliness is ripe for the romance scammer's picking
Our romance scams report dropped just in time for Valentine's Day. We've been tracking romance scams annually for some time now, so you could call this a yearly tradition of ours.
This year, the numbers are rather staggering. Nearly 59,000 Americans collectively lost over $697 million looking for love in all the wrong places. We won't go into the full detail as the report is long, but we'll say this: Yikes, Arizona.
This brings up a very important issue: Employee loneliness is a threat to not only their privacy and security, but the security of the entire organization. Scammers often manipulate victims into disclosing sensitive information or unwittingly facilitating unauthorized access to company systems. As our friends at K2Integrity have noted as well, employees have been coerced into diverting company funds, leading to substantial financial losses.
Your company must take employee loneliness and the risk of romance scams seriously by doing the following:
- Employee Education: Implement regular training sessions to inform staff about the tactics used in romance scams and the potential risks to both personal and organizational security.
- Promote Open Communication: Encourage employees to report any suspicious interactions without fear of embarrassment or retribution, fostering a culture of transparency.
- Monitor for Anomalies: Utilize security systems to detect unusual activities, such as unexpected data access patterns or unauthorized financial transactions, which may indicate compromised accounts.
- Support Employee Well-being: Recognize that loneliness can make individuals more susceptible to scams. Providing resources for mental health and facilitating social engagement can reduce vulnerability.
Is this a somewhat taboo topic? Yes. Is it difficult to talk about with employees? Yes. You may be blushing by the end of it. But your data security is more important than a bit of emotional discomfort (at least, we hope so).
Until next week. Let’s keep that zero-day count (and romance scam count) at zero!