Ladies' College
June 24, 2024
•[ ransomware, weak passwords, mfa missing ]
The Ladies College reported that on June 24, 2024 it lost access to several on-premises servers and quickly determined that an unauthorized party had gained access and deployed ransomware that encrypted systems. Regulators concluded the school failed to properly secure remote access, used a weak administrator password without MFA, and was vulnerable to brute-force compromise; monitoring alerts existed but lacked effective notification. The investigation found no evidence that data was accessed or copied off the network, though the incident impacted availability and encrypted some limited personal data. The school self-reported and later implemented remedial security measures.
