Posts Tagged: cybersecurity
UC is one of several institutions targeted by a nationwide cyber attack on Accellion's File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident, the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion's program.
You may register with Experian IdentityWorks for credit monitoring services, using the enrollment code JCZGTC333. If you have already registered, there is no need to take any further action to activate your monitoring.
UCOP has published FAQs in both English and Spanish and is adding to and updating the list as more information becomes available: https://ucnet.universityofcalifornia.edu/data-security/updates-faq/accellion-faq.html. These FAQs address more questions from the community, including questions about the Experian notifications.
UCOP has added recorded webinars about ways people can protect themselves to https://ucnet.universityofcalifornia.edu/data-security/index.html, in both English and Spanish.
UC regards the privacy of all of our community members with the utmost seriousness. We will keep the UC ANR community updated as we learn more and are able to share additional information.
UC has learned that it, along with other universities, government agencies, and private companies throughout the country, was recently subject to a cybersecurity attack. The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion's file transfer service.
Upon learning of the attack, UC immediately reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks.
UC's investigation includes a review of the files we believe may have been copied and transferred as part of this attack. Upon completion of our review, we should be able to better assess the data and individuals impacted. Once we can identify affected individuals, we will notify them and provide information regarding additional next steps.
We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner.
Watch out for suspicious emails
We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states:
“Your personal data has been stolen and will be published”
By their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email.
Anyone receiving this message should either forward it to your local information security office or simply delete it.
Important reminders about protecting yourself, and UC
We remind all members of the UC community to not click on links or open attachments unless you know and trust the sender.
In addition, you may wish to take the following steps to protect your information:
- Consider taking additional identity theft measures described at https://www.identitytheft.gov/databreach
- Place a fraud alert with one of the three nationwide credit bureaus:
- Place a security freeze on your credit report by making a request to the three credit bureaus.
UC regards the privacy of all its community members with the utmost seriousness. We will update the UC community as we are able to disclose additional information.
ANR's IT team has seen an increase in the number of spoofed emails, a form of phishing or spam email.
Email spoofing is the forgery of an email so that the message appears to be from someone or somewhere other than the actual source.
The goal here is to persuade you to assist the “supervisor” in purchasing some gift cards. The email is structured in a sense that indicates the supervisor is not available, there is a certain sense of urgency and validity, and it is sent from a mobile device.
There are also other clues within the email. Even though the name of the supervisor is correct, the email address is not and is not part of the organization. Scratching the back of the card to get the code doesn't make sense, especially if you are planning to give it to your clients, customers, etc.
The best thing to do with these types of phishing emails is simply to call or text your supervisor's known cell phone number and confirm before making a purchase.
UPDATE: The deadline to enroll in Duo has been extended to March 31, 2019.
To maintain access to critical systems such as the Time Reporting System (TRS), AggieTravel and AggieBuy, enroll in Duo by Feb. 13.
Before you enroll in Duo, make sure that your email system is supported to avoid service interruption. Visit Email Compatibility for a list of supported email systems.
The device you use with Duo can be a smartphone, tablet, cellphone or traditional landline. You should choose the device you are most likely to have close at hand when you want to access your UC ANR email.
- Visit https://computingaccounts.ucdavis.eduand choose “Duo Multifactor Authentication”.
- Sign in with your campus account.
- Follow the on-screen prompts to enroll a device.
Detailed step-by-step instructions are available at UC Davis IT Help.
If you encounter difficulties during enrollment, please contact the UC ANR Help Desk at firstname.lastname@example.org or (530) 750-1212. You can also visit the “Duo Clinic” between 9 a.m. and 11 a.m. on Monday, Wednesday and Friday by logging onto Zoom at ucanr.zoom.us/s/491057944.
The preferred method for accessing Duo is via smartphone or landline. If neither of these options is viable, a Duo security token can be purchased through AggieBuy for $29.99. Units will be responsible for the cost, which is an allowable expense for Program Support Funds.
To purchase Duo tokens, visit https://AggieBuy.ucdavis.edu and search for either part number or keywords under “Product Search”:
- Part number: 2046355
- Keywords: Duo Security Token
A comprehensive description of Duo is available at http://ucanr.edu/mfa.
The formation of UC ANR as a stand-alone financial structure provides us a remarkable opportunity to improve efficiency, and strengthen compliance, accountability and security. Additionally, UC ANR is responsible for protecting a vast amount of electronic information ranging from personal data to highly valuable original research.
In order to protect personnel payroll records that will enable UCPath, as well as critical research data, we have collaborated with UC Davis to implement a multi-factor authentication (MFA) service called Duo. Duo adds a new layer of security to your online accounts. A more comprehensive description of Duo is available at http://ucanr.edu/mfa.
To support ANR-wide adoption of Duo MFA, I want to encourage all managers, supervisors and directors to make staff aware of the Duo initiative and actively encourage them to enroll. Your participation in this initiative will help protect UC ANR information assets and help us comply with laws and regulations pertaining to the protection of personal and confidential information. Thank you for your support as UC ANR implements this critical cybersecurity initiative.
Tu M. Tran
Associate Vice President, Business Operations