Following a cyberattack on the file transfer service used in the UC Office of the President, or UCOP, system, personal UC employee data was released to the public.
Multiple UC Berkeley email accounts recently received messages stating that their personal information had been accessed and will be released, according to a campuswide email from Jenn Stringer, associate vice chancellor for information technology and chief information officer. The email added that accounts at multiple campuses throughout the UC system received similar messages.
An investigation conducted by the Information Security Office, or ISO, found that the messages included a link to a public site with a sample of personal data from UC employees, the email states. The ISO and bConnected email team then took steps to prevent more UC Berkeley email accounts from receiving the messages, according to the email.
The personal information was accessed through a cyberattack involving a vulnerability in a file transfer service from security provider Accellion, according to a UCOP press release. Multiple other universities, government agencies and private companies were involved in the attack, the press release added.
UCOP immediately reported the incident to law enforcement and will notify any individuals whose information may be compromised, according to the press release.
While the scope of the attack is currently unknown, the ISO urges anyone receiving suspicious emails or messages to report them immediately without replying or clicking on any links.
“This is also a good time to review cybersecurity tips,” the email reads. “Always be suspicious of any email asking for personal or user account information. UC Berkeley will never ask you for such information via email.”