![]() In addition to using sophisticated tools to parse and search the data, the University also conducted a manual review of each and every file. As part of that effort, the University initiated a process to conduct a careful inspection of each and every file to determine what information was potentially affected in order to be able to provide accurate information and to give notice to each University community member whose personal information was impacted. Nonetheless, to gain a comprehensive and complete understanding of the full extent of the attack’s impact, a leading forensic cybersecurity firm was engaged to determine precisely what happened and what data was accessed or acquired without authorization.Īs part of that investigation, and to provide accurate information to University community members, the University began reconstructing what files may have been stored on the Accellion FTA over the relevant period, working with UCOP security teams and our external cybersecurity experts. The University was aware of the data posted to the Internet. The University worked deliberately, while taking care to provide accurate information, as quickly as it could. If the University does not have a physical address, but does have an email address, it will send the notification via email. UC community members are being notified via USPS mail where current physical addresses are available. Information provided by students who participated in the 2020 University of California Undergraduate Experience Survey (UCUES) was also impacted and posted to the internet by the threat actor.Īs a result of a thorough investigation, the University has identified individual community members whose information was impacted by the Accellion event and, as of June 30 and July 1, 2021, sent the appropriate individual notifications via Experian. The impacted information may include full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information, and birthdates, as well as other personal information provided to UC. ![]() ![]() The University has identified individual community members whose information was impacted by the Accellion event and, as of June 30 th and July 1 st, 2021, sent the appropriate individual notifications via Experian. For transparency reasons and out of an abundance of caution, the University continued to notify community members whose information was potentially impacted, as the investigation unfolded. Working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted, and to whom the data belongs.īetween May 12-14, the University sent emails to UC community members whose information was potentially impacted.Transitioning to a more secure solution.The University has decommissioned the Accellion FTA and is: The University values privacy and security and is enhancing the safeguards and protections of its information and systems. On March 29, 2021, the University identified that some of this data was posted on the Internet. In connection with the attack, certain University data was accessed without authorization. Perpetrators exploited a vulnerability in the application and attacked over 100 organizations, including universities, government agencies, and private companies. ![]() On December 24, 2020, the University’s Accellion file transfer appliance (FTA) was the target of an international attack.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |