The University of California, Berkeley (UC Berkeley) has confirmed it suffered a data breach, becoming the latest victim of the Accellion cyber-attack.
On Monday (March 29), “multiple” employees at UC Berkeley received an email from an unknown actor stating that their data had been stolen and would be released.
The emails contained a link that displayed a sample of personal details from UC employees, a statement from UC Berkeley reads.
UC Berkeley said that the data breach was due to an earlier intrusion suffered by third-party provider Accellion, a secure file transfer service, which was used by the university.
Third-party failure
The University of California Office of the President (UCOP) confirmed last night (March 31) that attackers exploited a vulnerability in Accellion to gain access to its data.
A statement read: “At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks.”
A spokesperson for UC Berkeley said: “We are working with UCOP to determine the scope, and will reach out directly to any members of the UC Berkeley community affected by this incident.
“In the meantime, if you receive any suspicious email, please report it to us without clicking on any links or replying to the sender.”
As previously reported by The Daily Swig, Accellion suffered a cyber intrusion in January this year, which impacted customers including the Reserve Bank of New Zealand and the QIMR Berghofer Medical Research Institute in Brisbane, Australia.
UCOP said it is conducting an investigation, which will include a review of the files believed to have been taken during the attack.
A statement reads: “Upon completion of our review, we should be able to better assess the data and individuals impacted. Once we can identify affected individuals, we will notify them and provide information regarding additional next steps.
“We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner.”