On Dec. 24, 2020, UC’s Accellion FTA was the target of an international attack, where perpetrators exploited a vulnerability in the application. Over 100 organizations were similarly attacked, including universities, government agencies and private companies. In connection with the attack, certain UC data was accessed without authorization. We identified on March 29, 2021 that some of this data was posted on the Internet.
When the University discovered the issue, we took the system offline and patched the Accellion vulnerability. We are in the process of transitioning to a more secure solution. The University is cooperating with the FBI and working with external cybersecurity experts to investigate this matter and determine what happened, what data was impacted and to whom the data belongs.
There is no evidence that other University systems were impacted.
To inform and protect the UC member community, the University notified the community via email, hosted interactive workshops at several campuses and posted information about the event and how individuals can protect themselves to its websites. The University also arranged for free credit monitoring and identity theft protection services for the entire University community through Experian IdentityWorks.
In 48 hours, individuals will receive an email from Experian on behalf of the University. It will remind individuals about the available services and provide a unique activation code that can be used to access the same services. The prior universal code will be retired. The University has established a dedicated call center to answer questions regarding the event and these services.