Data possibly including Social Security numbers and financial information belonging to University of California students, staff and retirees has been posted on the internet after a December security breach that targeted the UC system’s file transfer appliance, the UC president wrote in an update Wednesday.
Personal data possibly including Social Security numbers and financial information has found its way to the internet in the wake of a December security breach, UC Santa Cruz staff, students, and retirees learned in an update Wednesday from the University of California.
The attack exploited a vulnerability in the Accellion file transfer appliance (FTA) that serves the entire University of California system and, UC President Michael V. Drake wrote in a statement, “certain UC data was accessed without authorization.” The breached information might include “full names, addresses, telephone numbers, Social Security numbers, driver’s license information, passport information, financial information including bank routing and account numbers, health and related benefit information, disability information and birthdates, as well as other personal information,” per Drake’s statement.
The UC said it learned in late March that some of this data was published online.
The UC is cooperating with the FBI in its ongoing investigation and has made free credit monitoring and protection available to those affected via Experian IdentityWorks. Individuals whose information was affected can expect to be notified by Experian within 45 to 60 days, Drake wrote. More information on the breach, and what individuals can do to protect themselves, can be found here.
The University of California was not the only victim of the hack, which impacted over 100 organizations, including other universities and some government agencies. The exact impact on individual UC campuses, including UCSC, was unclear.