Nationwide cyberattack targets personal information of some in UC community
A file leak from the file transfer company Accellion may have compromised some University of California community members’ personal information, the UC announced Wednesday. (Lauren Man/Assistant Photo editor)
By Marilyn Chavez-Martinez and Bernard Mendez
March 31, 2021 8:49 p.m.
Some University of California community members were victims of a nationwide cyberattack that compromised their personal information, UC officials announced Wednesday.
The attack affected several universities, government agencies and private companies, a UCnet press release said. An unidentified individual received the information by exploiting a weakness in the file transfer service of Accellion, a file transfer company used by the UC, the press release said.
UCLA email accounts also began receiving emails starting Monday, which threatened to publish the recipients’ personal information, said David Shaw, UCLA chief information security officer, in a campuswide email Wednesday. The threatening emails also linked to a website that contained a sample of UC employees’ personal information, Shaw added.
However, not everyone who had their information compromised received a threatening email, and people who received the email may have not had their information compromised, according to the UCnet press release. The University is working on notifying anyone who had their personal information compromised in the attack.
It is not yet clear how many UC employees had their information stolen or how many UC employees were sent the threatening emails. The UC did not immediately respond to a request for comment.
Other universities have also been victims of attacks against Accellion, including the University of Colorado system and UC Berkeley. Some UC Berkeley email accounts also received emails that threatened to release personal information, the Daily Cal reported.
The UC said the attack might be financially motivated and that the attackers may have posted some of the data online already. The UC has contacted federal law enforcement regarding the incident and has begun an investigation to identify who was affected and how many people were impacted.
The University advises those who received messages threatening to release their personal data to either forward the message to a local information security office or to delete it.
Members of the UCLA community who receive these messages can report them to [email protected] and are discouraged from clicking any links or replying to the sender, the UCLA campuswide email stated.