UPDATED 23:11 EDT / MAY 11 2021

SECURITY

University of California provides new details on December Accellion-related data breach

The University of California has released new details on an Accellion-related data breach in December.

The data breach, as with many attacks involving the file-sharing firm, involved attackers accessing data hosted by the university via Accellion’s File Transfer Appliance used to transfer large data files securely. Data stolen from UC Berkeley was published online in April along with data stolen from Stanford University and the University of Maryland in Baltimore.

Along with noting that it had decommissioned the Accellion FTA, the university said in a statement Monday that it’s in the process of transitioning to a more secure solution. The university added that it’s cooperating with the U.S. Federal Bureau of Investigation and working with external cybersecurity experts to investigate the matter, including ascertaining what data was affected.

The university said the information may include full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information. But given that the data has been available for more than a month on the dark web, a shady corner of the internet where illicit goods and services are sold, that’s not exactly news.

“In addition to notifying individuals and providing free credit monitoring, the University is working to identify the community members whose personal information was impacted and their contact information,” the university said in a statement. “These investigations take time and we are working deliberately, while taking care to provide accurate information, as quickly as we can.”

Within the next 45 to 60 days, it added, “we expect to send appropriate individual notifications through Experian to those people whose personal information was impacted, where current contact details are available to the University.” But that’s also a long time given how long ago the breach happened.

UC Berkeley does offer a master’s degree in cybersecurity.

“Educational institutions continue to be an attractive target for cybercriminals because they store large amounts of valuable personally identifiable information and often lack critical resources for proper security measures,” Stephan Chenette, co-founder and chief technology officer of security optimization platform provider AttackIQ Inc., told SiliconANGLE. “The adversary gained access to the university’s systems by exploiting a vulnerability in a third-party system. It is critical for educational organizations to implement security solutions that scan and monitor not just the organization-owned and managed assets, but also all third-party systems to detect vulnerabilities that could be exploited.”

Photo: Introvert/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU