University of California warns students and workers about computer attack targeting files
The University of California this week warned its employees and students about a cybersecurity attack that copied and transferred files by exploiting a vulnerability in one of its systems.
UC officials said they reported the incident to federal law enforcement, took measures to contain the attack and began an investigation. The attack also targeted other universities, government agencies and companies nationwide, according to a UC news release.
The attack involved the use of Accellion, a vendor used for secure file transfers. Someone copied and transferred UC files by exploiting a vulnerability in Accellion’s file transfer service.
“At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks,” UC officials said Wednesday.
Those responsible for the attack are sending threatening mass emails to UC students and employees, trying to scare them into handing over money, according to the news release. The threatening emails include the message: “Your personal data has been stolen and will be published.”
UC officials urged anyone who receives these emails should either forward it a local information security office or simply delete the email.
UC’s investigation into the cyber attack includes a review of files officials believe may have been copied and transferred. UC officials said once they can identify who was affected by the attack, they will be notified and provided information about what to do next.
“We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner,” UC officials said in the news release.
This story was originally published April 2, 2021 at 11:55 AM.
