A ransomware group, "Akira," claimed responsibility for a cyberattack against Mercer, according to a tweet published Tuesday. The attack resulted in sensitive personal information such as Social Security numbers and driver’s license numbers belonging to Mercer community members being compromised.
Twitter account @DailyDarkWeb tweeted Tuesday morning, "Akira ransomware group has announced Mercer University on the victim list 'Mercer University is a private, coeducational university with its main campus in Macon, Georgia.'"
A report published in May by Malwarebytes, an Apple-endorsed anti-malware software company, said Akira is a "fresh ransomware hitting enterprises globally since March 2023, having already published in April the data of nine companies across different sectors like education, finance, and manufacturing."
Akira claims that Mercer "doesn't value" their community as evidenced by the university's refusal to pay the "relatively affordable" yet unnamed ransom.
"(Mercer's) mission - to teach, to learn, to create, to discover, to inspire, to empower and serve, we would add - to disclose. Recently they have fulfilled a data disclosure mission," a screenshot of the statement from Akira included in the tweet states. "A 'best value' of national universities doesn't value it's [sic] students and teachers personal information and it will be available for downloading in our blog soon. Our offer with a relatively affordable price for saving their internal data was denied."
Mercer released a statement Tuesday that said it had "detected an incident involving unauthorized access to its computer network." According to the statement, some Social Security numbers and driver's license numbers were "removed from its systems without authorization."
The university claims there is currently "no evidence" that any "personal financial information" was removed by the attack.
This information comes in the wake of university-wide system outages that began April 5. It took at least three days for Mercer IT to bring all systems back online.
Mercer has not confirmed any connection between the April incident and the information regarding the Akira attack released Tuesday. Communication from Mercer IT about the April outages has been limited, mostly to confirm when certain systems came back online.
"Based on a thorough analysis by IT staff and external consultants the University is confident at this point in time that Student Information System data, employee data and Mercer Medicine patient data were not compromised during yesterday's system outage," a university statement emailed to members of the Mercer community April 6 states.
A message rumored to come from a Mercer IT employee circulated Mercer student group chats the day of the attack: "I cannot say anything much at all, but make sure if you have any accounts that share your mercer password that aren't mercer related, change them now. This isn't a drill, and there won't be network connectivity internally and externally."
Mercer's statement said it is in the process of notifying students, faculty, staff and parents who may have had personal information stolen by Akira in the attack. As of Thursday at 4 p.m., The Cluster is not aware of any such emails.
Henry Keating '24 is a Journalism and History student at Mercer. He has worked at The Cluster as SGA correspondent, State and Local News Editor, Managing Editor and now as the Editor-in-Chief. Henry has held internships at the Macon Newsroom, Macon Telegraph, and Greenville Post and Courier. He enjoys backpacking, rom-coms, pottery and photography.
Mary Helene Hall ‘23 is a journalism and women’s and gender studies student who has worked for The Cluster throughout her time at Mercer. She has held internships at The Atlanta Journal-Constitution and AL.com, where she covered a variety of topics including politics, crime and culture.