Students and staff throughout the University of California system are being warned that a cyber-attack has put their personal information at risk.
UC officials announced Friday that the system was one of the victims of a nationwide breach that targeted the third party file transfer vendor Accellion.
“Accellion was the target of an international cyber-attack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers are now attempting to get money from organizations and individuals,” the university said in a statement.
Students and staff are being advised that personal information including social security numbers and bank account information may now be at risk.
Inside Higher Ed reports that some of the stolen files included academic transcripts, medical records, research grants and employment contracts, some of which have been leaked online.
Additionally, the hackers are now sending emails to students and staff threatening to publish more information if they do not pay a ransom.
“These types of adversaries are typically looking to some financial motivation and they are using their skillset to steal data and to also encrypt data and then extort the victims for money in order to get the decryption keys,” said Shawn Henry, president of the cybersecurity firm CrowdStrike Services.
UC Berkeley is urging its students to sign up for credit and identify theft monitoring services.
Henry says the payoff for these kinds of attacks can be huge.
“The reason these types of ransomware attacks continue is because they’re so profitable to the attackers. Their return on their investment is significantly high and their chance of getting caught is relatively small.”
He says cyber-attacks are inevitable given that so many people have been working from home on unsecured devices for more than a year.
