The University of Colorado (CU) has declared that they were a casualty of a malicious cyberattack which may have undermined the private data of a substantial number of the University’s students and employees.
The University of Colorado detected 447 users whose uploaded data was affected.
As a prompt reaction, CU immediately cut off the service that was originally affected by the cyberattack called Accellion Inc.
Impact on multiple organizations:
Accellion Inc. is a cloud computing solutions company that the university interacts with to securely share and transfer files containing sensitive University-related information and important private data.
It also includes individually identifiable data of existing and future students and employees, health and clinical data, as well as study and research data that should stay protected due to privacy laws.
As was reported earlier this month, along with the University of Colorado, Washington SAO, and several other primary clients of the corporation were also known to be affected. Seemingly, some more than others.
The Corporation had reportedly alerted the University around late January that threat actors had clandestinely accessed the files of CU uploaded by users to their file-sharing service based on an email sent to the University Community by CU’s President Mark Kennedy.
Ongoing investigations:
CU spokesperson Ken McConnellogue reported that the entire extent and scope of the cyberattack are yet to be comprehended by the University as investigations are still underway to pinpoint the exact details of the impacted files and individuals. “CU also cannot tell who was the attack perpetrator although it is known that more than 250 clients of Accellion were also affected by the same threat actor”, McConnellogue stated.
“Due to the order of this service and its focal use by CU data custodians, individuals are unlikely at this time to know at this time whether their private data were affected,” CU reports on their information website.
Most of the undermined data was from the Boulder campus while some were seemingly from the Denver campus.
CU has declared that they were a casualty of a malicious cyberattack which may have undermined the private data of a substantial number of the University’s students and employees.
CU detected 447 users whose uploaded data was affected. As a prompt reaction, CU immediately cut off the service that was originally affected by the cyberattack called Accellion Inc.
Impact on multiple organizations:
Accellion Inc. is a cloud computing solutions company that the university interacts with to securely share and transfer files containing sensitive University-related information and important private data.
It also includes individually identifiable data of existing and future students and employees, health and clinical data, as well as study and research data that should stay protected due to privacy laws.
As was reported earlier this month, along with the University of Colorado, Washington SAO, and several other primary clients of the corporation were also known to be affected. Seemingly, some more than others.
The Corporation had reportedly alerted the University around late January that threat actors had clandestinely accessed the files of CU uploaded by users to their file-sharing service based on an email sent to the University Community by CU’s President Mark Kennedy.
Ongoing investigations:
The University of Colorado CU spokesperson Ken McConnellogue reported that the entire extent and scope of the cyberattack are yet to be comprehended by the University as investigations are still underway to pinpoint the exact details of the impacted files and individuals. “CU also cannot tell who was the attack perpetrator although it is known that more than 250 clients of Accellion were also affected by the same threat actor”, McConnellogue stated.
“Due to the order of this service and its focal use by CU data custodians, individuals are unlikely at this time to know at this time whether their private data were affected,” CU reports on their information website.
Most of the undermined data was from the Boulder campus while some were seemingly from the Denver campus.