UC a Target of Nationwide Cyber Attack
Updated May 10, 2021
On December 24, 2020, UC’s Accellion FTA was the target of an international attack, where perpetrators exploited a vulnerability in the application. Over 100 organizations, including universities, government agencies, and private companies, were similarly attacked. In connection with the attack, certain UC data was accessed without authorization. We identified on March 29, 2021, that some of this data was posted online.
When the University discovered the issue, we took the system offline and patched the Accellion vulnerability. We are in the process of transitioning to a more secure solution. The University is cooperating with the FBI and working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted and to whom the data belongs.
There is no evidence that other University systems were impacted.
To inform and protect the UC member community, the University notified the community via email, hosted interactive workshops at several campuses and posted information about the event and how individuals can protect themselves to its websites. The University also arranged free credit monitoring and identity theft protection services for the entire University community through Experian IdentityWorks.