In the latest cyber attack developments, the University of California (UC) confirmed that a data breach incident had plagued its network systems as a result of the infamous Accellion FTA implementation.
University of California victim of Accellion cyberattack
The infamous Accellion FTA cyber attack that transpired back in 2020, following a critical vulnerability that was detected in the dayed file-sharing software had compromised hundreds of organizations, government agencies, and universities.
UC initially confirmed the impact of the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion’s service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.
The present week, UC affirmed that the malicious actors had indeed gained unauthorized access to a large amount of personal data regarding the university’s current and former employees, dependents, retirees and beneficiaries, and current students, as well as other individuals who participated in UC programs.
Critically compromised data:
According to the University of California, the poached data includes private details such as names and addresses, Social Security numbers, phone numbers, driver’s license and passport information, financial data (including bank routing and account numbers), birthdates, health, and related benefit details, disability information, and other data.
The University of California also provided that some of the stolen data were also leaked on hacker forums thereby directly compromising the victims.
However, it was also noted that the data breach only affected the Accellion FTA, and none of the other systems were compromised. The university says it has already decommissioned the file sharing service, that it is transitioning to a more secure solution, and that it is taking steps to improve the overall security of its network.
Since the data breach, the University had been working in close coordination with the FBI to investigate the attack and its impacts.
The educational institution has also informed that they have worked to personally identify the impacted victims and the identified individuals will be particularly notified in the next 40 to 60 days.
“We are also separately notifying individuals who started or completed applications for the 2021-22 school year whose contact information (name, email address, and phone number) was impacted. Their notification will contain information pertinent to those individuals,” stated the University of California notes.