UC Berkeley students, staff warned of massive data breach after cyberattack
UC Berkeley students, staff and faculty are being warned of a massive cyberattack that could compromise their data, including bank and Social Security numbers.
UC Berkeley’s Office of Emergency Management sent an alert last week notifying the campus that the security breach could be serious. The breach affects the entire UC system statewide, not only UC Berkeley.
“The cyberattack that the University of California announced … is a serious one. Your personal information, including Social Security number and bank account information, may be at risk,” said the statement.
The office states that hackers gained access to secure files, and are threatening to publish, or have published, stolen information onto the dark web. The cyberattack was part of a nationwide attack on several hundred institutions, including universities, government agencies and private companies, according to the university.
The attack involves Accellion, a vendor used for file transfer, in which an “unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file-transfer service,” said UC in an update.
The UC said in a statement that Accellion “has publicly admitted to the data breach, which has impacted about 100 organizations across the country, with at least 25 suffering significant data loss.”
Federal law enforcement has been notified and an investigation has begun; UC will also investigate to determine what files may have been copied and transferred in the cyberattack. Those that might have had their data accessed will be notified of the next steps they should take, UC said.
UC warns not to open any suspicious emails, which may be threatening members of the UC community, saying, “Your personal data has been stolen and will be published.” Any suspicious emails should be reported to a local campus security office, or deleted.
The University of California and UC Berkeley’s office of emergency management told campus members they could take additional steps to protect their information, including signing up for Experian, a credit monitoring and theft probation service, which includes monitoring the dark web for any postings of an individual’s personal information. The service will be free for one year for the UC community.
“The privacy of our community and the security of UC data are of paramount importance to the University. UC will continue to work with law enforcement and provide updates once we are able to disclose additional details of this ongoing investigation,” said the university system in a statement.