Pierluigi Paganini December 17, 2024

Texas Tech University reports a data breach affecting 1.4 million, exposing personal, health, and financial data from its health sciences centers.

Texas Tech University disclosed a data breach that impacted over 1.4 million individuals following a cyber attack. The security breach exposed the personal, health, and financial data from its health sciences centers, the Health Sciences Center and Health Sciences Center El Paso.

The University reported data breaches affecting 815,000 at its El Paso Health Sciences Center and 650,000 at its Health Sciences Center.

The incident took place in September 2024 and temporarily impacted computer systems and applications.

The organization immediately took steps to ensure its infrastructure and began an investigation into the incident. The investigation revealed that the unauthorized access to systems of Texas Tech University’s network resulted in access to or removal of certain files and folders.

“The investigation confirmed that a cybersecurity event caused the technology issues, resulting in access to or removal of certain files and folders from the HSCs’ network between September 17 and September 29, 2024.” reads the notice of security breach published by the HSCs. “As a result, the HSCs conducted a detailed review of the systems involved to determine what information they may contain and to whom it belongs.”

Compromised information varies by each individual, but may include name, date of birth, address, Social Security number, driver’s license number, government-issued identification number, financial account information, health insurance information and medical information, including medical records numbers, billing/claims data and diagnosis and treatment information.

Texas Tech University is notifying individuals whose information may be involved in this incident and out of an abundance of caution in offering them access to complimentary credit monitoring services.

The university did not share details about the attack, however, the Interlock ransomware gang claimed responsibility for the security breach.

The ransomware group claimed the theft of 2.6 terabytes of data, including patient data, medical research, and a large set of SQL databases.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)