Northeastern State University in Oklahoma confirmed in an announcement Thursday that sensitive institution data was posted on the dark web after a cyberattack last month.
The posted data includes driver’s licenses, passports, W-9 forms and Social Security numbers, a local ABC affiliate reported. The public institution shut down its network last month to investigate after detecting the cyberattack, though classes continued as scheduled.
“NSU IT is working diligently with federal law enforcement and cyber experts to further assess the extent of the data compromised, as well as next steps for its retrieval,” Jennifer Zehnder, a university spokesperson, said in a recent statement.
It’s become increasingly common in recent years for bad actors to shift toward extorting universities with the promise of not posting their sensitive data online, rather than returning the functionality of their networks and services. Cyberattacks like this one rose by 26% last year.