Additional members of the CU community – students, employees and alumni – whose personal information may have been compromised in the cyberattack on university vendor Accellion are being notified of the potential exposure.
CU recently identified an additional set of files that were not included in the initial data review. Following a thorough review of the data, CU now is providing notice (via mail or email) of the incident to those community members whose information was in the additional files.
CU again will provide credit monitoring, identity monitoring, fraud consultation and identity theft restoration to those affected.
The data was not reviewed during the initial CU review because the Accellion system automatically destroys data after two weeks. There were files on the system that were stolen by the cyberattackers and then automatically purged before CU was informed by Accellion of the attack. When CU reviewed the Accellion files, some files already had been deleted and were inaccessible.
CU discovered the additional data when CLOP, the criminal organization tied to the cyberattack on Accellion, posted CU files on the dark web after not receiving a ransom payment. In March, CLOP posted a small amount of CU’s data on the dark web and threatened to post more stolen data if CU did not pay a ransom. Based on guidance from the FBI, CU did not pay the cybercriminals.
In mid-April, CLOP posted additional CU data on the dark web. CU downloaded and preliminarily reviewed these files and identified the additional data that had been deleted from the Accellion system.
The data in these additional files is related to the CU Boulder campus only; there was no additional data from CU Denver, CU Anschutz or UCCS.
A recently updated web page provides more detail and an FAQ section.