University of California Employees and Students Threatened After Breach

Some University of California employees and students are being threatened by cybercriminals following a data breach within the University of California system.

It appears the threat actors were able to copy and transfer files from the UC database by exploiting a vulnerability in Accellion's file transfer service. Accellion is a vendor used by many organizations in the U.S. for secure file transfers, and the list of known victims in this breach is growing.

UC warns: 'watch for threatening emails'  

At the University of California Berkeley, Chief Information Security Officer Allison Henry and school CIO Jenn Stringer posted about what is going on within the UC community:

"Beginning Monday, March 29, many UC Berkeley email accounts started receiving messages stating that their personal data had been stolen and would be released. We learned from our colleagues that similar messages were being received in email accounts for multiple campuses throughout the UC system.

The Information Security Office investigated and found that these emails contained a link to a public website where a sample of personal data from UC employees was posted."

And at the University of California-Davis, the Office of the President released a statement to explain the situation and revealed more about these extortion focused emails:

"We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states: 'Your personal data has been stolen and will be published.'"

However, at UC Davis, the president seemed to downplay the actual threat:

"By their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email."

At the same time, the University of California is asking those who get threatened to take one of two possible actions, which seem to be at the opposite ends of the spectrum:

"Anyone receiving this message should either forward it to your local information security office or simply delete it."

University uses data breach as learning opportunity

The University of California is using the data breach to raise security awareness among everyone tied to the university system, however, specifics are limited.

The UC system shared five rules to protect online safety:

• "Think before you click — Criminals are experts at making phishing emails as convincing as possible."
• "Protect your passwords — Your old tricks for setting and storing your passwords may no longer be up to the task."
• "Protect your devices — For many of us, our homes are now our offices. Keep your devices as secure at home or on the road as you would in the office."
• "Protect your files — Make sure important information is stored securely, in a physically separate location from the originals, and test your backups periodically."
• "If it's suspicious, report it! — Report suspected scams and other suspicious activity to your local information security office."

For more information:
The UC Davis statement on the data breach
The Cal Berkeley statement on the data breach