UC Davis students, staff and faculty have been notified of a massive cyberattack that could compromise their data, including bank and Social Security numbers.
The entire UC system was affected by the breach, according to a notification from the UC Office of the President.
“At this time, we believe the stolen information includes but is not limited to names, birthdates, Social Security numbers and bank account information,” a statement from the UCOP released April 2 noted. “The attackers are threatening to publish, or have published, stolen information on the dark web in an attempt to extort organizations and individuals.”
The cyberattack was part of a nationwide attack on several hundred institutions, including universities, government agencies and private companies, according to the university.
The attack involves Accellion, a vendor used for file transfer, in which an “unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file-transfer service,” said the UC in an update this week.”
The UC said in a statement that Accellion “has publicly admitted to the data breach, which has impacted about 100 organizations across the country, with at least 25 suffering significant data loss.”
Federal law enforcement has been notified and an investigation has begun; UC will also do its own investigation to determine what files may have been copied and transferred in the cyberattack. Those that might have had their data accessed will be notified of the next steps they should take, UC said.
UC Davis warned students and staff to be on the lookout for any suspicious emails, as the attackers may send messages to extort people for money. The university asked that any suspicious emails be sent to [email protected]
In their campus update, UC Davis encouraged campus members to protect their information by avoiding phishing emails, using strong passwords, keeping devices in secure locations and reporting suspicious activity.
The UC system has encouraged campus members to take additional steps to protect their information, including signing up for Experian, a credit monitoring and theft probation service, which includes monitoring the dark web for any postings of an individual’s personal information. The service will be free for one year for the UC community and can cover up to $1 million in identity theft insurance.
“The privacy of our community and the security of UC data are of paramount importance to the University. UC will continue to work with law enforcement and provide updates once we are able to disclose additional details of this ongoing investigation,” said UC system in a statement.
Angela Ruggiero contributed to this report