The University of California is just one of the organizations still dealing with fallout from a December 2020 data breach. And now we know more about that fallout.
Hackers targeted the university's Accellion file transfer appliance (FTA) and exploited a vulnerability. In response to the attack, the university decommissioned the Accellion FTA.
Information impacted by UC data breach
During its investigation into the cyberattack, the University of California uncovered new information on what was accessed. And the data is significant.
"The impacted information may include full names, addresses, telephone numbers, Social Security numbers, driver's license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information."
This includes employees (current and former) and their dependents, retirees and beneficiaries, and current students, as well as other individuals who participated in UC programs.
Here is what the university is doing next:
"The University is working to identify the community members whose information was impacted. These investigations take time, and the University is working deliberately to provide accurate information as quickly as it can. Within the next 45 to 60 days, it expects to send appropriate individual notifications through Experian to those whose current contact information is available to the University."
Why is incident response taking so long?
For a cyberattack that occurred nearly six months ago, it is only natural for those impacted to wonder why the university is still investigating, even with help from the FBI and cybersecurity experts.
The UC is trying to explain its incident response:
"The University is aware of the data posted to the Internet. Nonetheless, to gain a comprehensive and complete understanding of the full extent of the attack's impact, a leading forensic cybersecurity firm was engaged to determine precisely what happened and what data was accessed or acquired without authorization.
As part of that investigation, and to provide accurate information to University community members, the University began reconstructing what files may have been stored on the Accellion FTA over the relevant period, working with UCOP security teams and our external cybersecurity experts.
As part of that effort, the University initiated a process to conduct a careful inspection of each and every file to determine what information was potentially affected in order to be able to provide accurate information and to give notice to each University community member whose personal information was impacted.
In addition to using sophisticated tools to parse and search the data, the University is also conducting a manual review of each and every file. Because much of the data is unstructured, and because of the volume of files, this is a labor-intensive and time-consuming process that involves hundreds of hours of detailed review and analysis. This work is all ongoing, and the University is using its resources to complete this investigation and analysis as quickly as it can."
To find out more details on the data breach and what information was potentially compromised, visit the University of California's frequently asked questions about the Accellion data breach.