On the evening of Feb. 9, University President Mark Kennedy announced that one of University of Colorado’s software vendors was a victim of a cyberattack. The vendor, Accellion, is contracted to provide a file transfer service to the university. Personal data was compromised through this system.
Kennedy said that he was first notified of the attack in late January, which prompted the university to shut down the service for three days until it was restored on Jan. 28. Accellion said that a patch to the software has corrected the vulnerability.
A university webpage, created to answer questions about the cyberattack, said that more than four hundred community members used the file service while it was vulnerable. The large number of files uploaded to the service are all vulnerable. Because of this, CU believes that student, employee and health data have all been compromised due to the breach.
The university doesn’t yet know to what extent community member’s information may have been compromised, but Kennedy says they plan to move to a different file sharing service due to the breach. If you’re also planning to upgrade the data encryption software of your business, you may get in touch with companies like Privacera to explore your options.
According to the webpage, CU Boulder has notified the FBI and other law enforcement organizations.
Contact CU Independent Breaking News Editor Henry Larson at Henry.Larson@colorado.edu.