Nationwide cybersecurity attack compromises UC employee data

Photo of Sproul Plaza
Sunny Shen/File
UC employee data was released to the public following a cyberattack in a file transfer service used by the UC Office of the President, or UCOP, system. According to a UCOP press release, the incident was reported to law enforcement, and anyone with potentially compromised information will be notified.

Related Posts

Following a cyberattack on the file transfer service used in the UC Office of the President, or UCOP, system, personal UC employee data was released to the public.

Multiple UC Berkeley email accounts recently received messages stating that their personal information had been accessed and will be released, according to a campuswide email from Jenn Stringer, associate vice chancellor for information technology and chief information officer. The email added that accounts at multiple campuses throughout the UC system received similar messages.

An investigation conducted by the Information Security Office, or ISO, found that the messages included a link to a public site with a sample of personal data from UC employees, the email states. The ISO and bConnected email team then took steps to prevent more UC Berkeley email accounts from receiving the messages, according to the email.

The personal information was accessed through a cyberattack involving a vulnerability in a file transfer service from security provider Accellion, according to a UCOP press release. Multiple other universities, government agencies and private companies were involved in the attack, the press release added.

UCOP immediately reported the incident to law enforcement and will notify any individuals whose information may be compromised, according to the press release.

While the scope of the attack is currently unknown, the ISO urges anyone receiving suspicious emails or messages to report them immediately without replying or clicking on any links.

“This is also a good time to review cybersecurity tips,” the email reads. “Always be suspicious of any email asking for personal or user account information. UC Berkeley will never ask you for such information via email.”

Aditya Katewa is a deputy news editor. Contact him at [email protected] and follow him on Twitter at @adkatewa1.