The University of Colorado was the victim of a “malicious cyberattack” in which a substantial number of individual records — including students’ and employees’ personally identifiable information — may have been compromised, the university announced Tuesday.
CU vendor Accellion Inc. — a software company that bills itself as a way to securely share files — notified the university in late January that attackers temporarily accessed CU files uploaded by users of their file-transfer service, according to an email from CU President Mark Kennedy sent to the university community.
CU immediately shut down the service, which the university uses for transferring large files and data sets that can include sensitive materials, Kennedy said. CU identified 447 users whose uploaded data was impacted.
“Due to the nature of this service and its primary use by CU data custodians, individuals are unlikely at this time to know whether their personal data were impacted,” the university wrote on its informational website about the attack.
CU is one of some 300 customers impacted by the attack, according to the university.
“We believe a substantial number of individual records might have been compromised, including student and employee personally identifiable information,” Kennedy wrote in the email.
Potentially compromised information could include limited health and clinical data, research data and the personally identifiable information of CU Boulder and CU Denver students, prospective students and employees.
Most of the compromised data was from the Boulder campus and some was from the Denver campus, Kennedy said. CU Anschutz, CU Colorado Springs, the system administration and the CU Foundation do not appear to be impacted.
For more information, the university created a website dedicated to the attack at cu.edu/accellion-cyberattack.
“I understand this notice raises many questions and we are committed to providing information as we get it,” Kennedy wrote. “Piecing together exactly which files were compromised is a painstaking, sometimes manual process. CU clients of the service — most of whom are affiliated with the Boulder campus — have been notified and are assisting.”
Source: Read Full Article