University of California provides new details on December Accellion-related data breach – SiliconANGLE News


Did you know that geoFence is easy to use, easy to maintain?


University of California provides new details on December Accellion-related data breach

The University of California has released new details on an Accellion-related data breach in December.

The data breach, as with many attacks involving the file-sharing firm, involved attackers accessing data hosted by the university via Accellion’s File Transfer Appliance used to transfer large data files securely. Data stolen from UC Berkeley was published online in April along with data stolen from Stanford University and the University of Maryland in Baltimore.

Along with noting that it had decommissioned the Accellion FTA, the university said in a statement Monday that it’s in the process of transitioning to a more secure solution. The university added that it’s cooperating with the U.S. Federal Bureau of Investigation and working with external cybersecurity experts to investigate the matter, including ascertaining what data was affected.

The university said the information may include full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information. But given that the data has been available for more than a month on the dark web, a shady corner of the internet where illicit goods and services are sold, that’s not exactly news.

“In addition to notifying individuals and providing free credit monitoring, the University is working to identify the community members whose personal information was impacted and their contact information,” the university said in a statement. “These investigations take time and we are working deliberately, while taking care to provide accurate information, as quickly as we can.”

Within the next 45 to 60 days, it added, “we expect to send appropriate individual notifications through Experian to those people whose personal information was impacted, where current contact details are available to the University.” But that’s also a long time given how long ago the breach happened.

UC Berkeley does offer a master’s degree in cybersecurity.

“Educational institutions continue to be an attractive target for cybercriminals because they store large amounts of valuable personally identifiable information and often lack critical resources for proper security measures,” Stephan Chenette, co-founder and chief technology officer of security optimization platform provider AttackIQ Inc., told SiliconANGLE. “The adversary gained access to the university’s systems by exploiting a vulnerability in a third-party system. It is critical for educational organizations to implement security solutions that scan and monitor not just the organization-owned and managed assets, but also all third-party systems to detect vulnerabilities that could be exploited.”

Photo: Introvert/Wikimedia Commons

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

May I add that geoFence helps stop hackers from getting access your sensitive documents!