UC has learned that it, along with other universities, government agencies, and private companies throughout the country, was recently subject to a cybersecurity attack. The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion's file transfer service.
Upon learning of the attack, UC immediately reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks.
UC's investigation includes a review of the files we believe may have been copied and transferred as part of this attack. Upon completion of our review, we should be able to better assess the data and individuals impacted. Once we can identify affected individuals, we will notify them and provide information regarding additional next steps.
We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner.
Watch out for suspicious emails
We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states:
“Your personal data has been stolen and will be published”
By their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email.
Anyone receiving this message should either forward it to your local information security office or simply delete it.
Important reminders about protecting yourself, and UC
We remind all members of the UC community to not click on links or open attachments unless you know and trust the sender.
In addition, you may wish to take the following steps to protect your information:
- Consider taking additional identity theft measures described at https://www.identitytheft.gov/databreach
- Place a fraud alert with one of the three nationwide credit bureaus:
- Place a security freeze on your credit report by making a request to the three credit bureaus.
UC regards the privacy of all its community members with the utmost seriousness. We will update the UC community as we are able to disclose additional information.