ANR Employees
University of California
ANR Employees

Posts Tagged: cybersecurity

IT team rises to challenge of cyberattacks

Thank you all for your patience and understanding while the ANR server was the target of an unprecedented aggressive and persistent cyberattack. I am happy to report that most web services are back online. We have all come to depend on websites for communication and outreach and I sincerely apologize for the anxiety and hardship it created as you tried to find work-arounds to conduct business.
I commend Chief Information Officer Sree Mada and the IT team for their heroic efforts to restore service during the two weeks that the UC ANR server was under siege. Our colleagues Ron Walker, Jon Wilson, Lora Schroeder, Steve Edberg and Bryon Noel worked around the clock to secure UC ANR's web servers and assets. Once they found an effective solution, we were back online in about 48 hours.
Big thanks also to our IT colleagues Mark Boyce and Larry Ross at UCOP and Dave Zavatson at UC Davis for lending their expertise and resources to restore service while we await delivery of the new firewall, which is on back order due to supply-chain issues.
If you encounter continuing difficulties with UC ANR websites, please alert the IT team at
Thanks to all of you for your dedication and hard work in spite of unexpected challenges. I continue to be amazed at the ingenuity of ANR people to solve problems.
Glenda Humiston
Vice President
Posted on Friday, October 8, 2021 at 8:52 AM

Update on Accellion data breach

UC was one of more than 100 institutions targeted by a nationwide cyber-attack. As a result, certain university data was accessed without authorization. Protecting the UC community remains the university's top priority. Visit UCnet's Accellion data breach page to learn how to protect yourself, find answers to your questions, and get more information on how you can access free credit monitoring and identity-theft protection.  

You can also contact an Experian call center dedicated to the UC breach at (866) 904-6220. 

The Substitute Notice of Data Breach was updated on May 21. The FAQs for the Accellion incident are frequently updated so please check regularly.


Posted on Tuesday, May 25, 2021 at 1:01 PM

FAQs about the Accellion data breach updated

UC is one of several institutions targeted by a nationwide cyber attack on Accellion's File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident, the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion's program.

You may register with Experian IdentityWorks for credit monitoring services, using the enrollment code JCZGTC333. If you have already registered, there is no need to take any further action to activate your monitoring. 

UCOP has published FAQs in both English and Spanish and is adding to and updating the list as more information becomes available: These FAQs address more questions from the community, including questions about the Experian notifications.  

UCOP has added recorded webinars about ways people can protect themselves to, in both English and Spanish. 

UC regards the privacy of all of our community members with the utmost seriousness. We will keep the UC ANR community updated as we learn more and are able to share additional information.

Posted on Monday, April 26, 2021 at 1:57 PM

UC part of nationwide cyber attack

UC has learned that it, along with other universities, government agencies, and private companies throughout the country, was recently subject to a cybersecurity attack. The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion's file transfer service.

Upon learning of the attack, UC immediately reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks.

UC's investigation includes a review of the files we believe may have been copied and transferred as part of this attack. Upon completion of our review, we should be able to better assess the data and individuals impacted. Once we can identify affected individuals, we will notify them and provide information regarding additional next steps. 

We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner.

Watch out for suspicious emails

We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states:

“Your personal data has been stolen and will be published”

By their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email.

Anyone receiving this message should either forward it to your local information security office or simply delete it.

Important reminders about protecting yourself, and UC

We remind all members of the UC community to not click on links or open attachments unless you know and trust the sender.

In addition, you may wish to take the following steps to protect your information:

UC regards the privacy of all its community members with the utmost seriousness. We will update the UC community as we are able to disclose additional information.

Related reading: 

Five rules for protecting your security online


Posted on Monday, March 22, 2021 at 11:03 AM

Don’t fall for phishing emails

Phishing email example

ANR's IT team has seen an increase in the number of spoofed emails, a form of phishing or spam email.

Email spoofing is the forgery of an email so that the message appears to be from someone or somewhere other than the actual source.

The goal here is to persuade you to assist the “supervisor” in purchasing some gift cards. The email is structured in a sense that indicates the supervisor is not available, there is a certain sense of urgency and validity, and it is sent from a mobile device.

Spoofed email example

There are also other clues within the email. Even though the name of the supervisor is correct, the email address is not and is not part of the organization. Scratching the back of the card to get the code doesn't make sense, especially if you are planning to give it to your clients, customers, etc.

The best thing to do with these types of phishing emails is simply to call or text your supervisor's known cell phone number and confirm before making a purchase.

Posted on Friday, February 15, 2019 at 5:21 PM

Read more

Webmaster Email: