More on the Cyberattack

From an email circulated yesterday evening:

To the University of California Community:

We are writing to provide you additional information about a data security incident affecting the UC community and what you should do to protect your personal information.

As was announced on March 31st, UC is one of several institutions targeted by a nationwide cyber attack on Accellion’s File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion’s program. At this time, we believe the stolen information includes but is not limited to names, birth dates, Social Security numbers and bank account information. The attackers are threatening to publish, or have published, stolen information on the dark web in an attempt to extort organizations and individuals.

We are working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, to enforce the law, and to limit the release of stolen information.

We are alerting you now so you are able to take protective actions as we work to address the situation.

What you should do to protect your personal and financial information:

• Sign up for free credit monitoring and identity theft protection: To help you protect your identity, we are offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM. This service includes:
   
  • Credit monitoring: Actively monitors your Experian file for indicators of fraud.
  • Internet surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the dark web.
  • Identity restoration: Identity restoration specialists are immediately available to help you address credit and non-credit related fraud.
  • Experian IdentityWorks ExtendCARETM: You receive the same high-level of identity restoration support even after your Experian IdentityWorks membership has expired.
  • $1 Million Identity Theft Insurance: Provides coverage for certain costs and unauthorized electronic fund transfers.
  • Lost wallet: Provides assistance with canceling/replacing lost or stolen credit, debit, and medical cards.
  • Child monitoring: For 10 children up to 18 years old, internet surveillance and monitoring to determine whether enrolled minors in your household have an Experian credit report are available. Also included are identity restoration and up to $1M Identity Theft Insurance.
  Sign up at the Experian IdentityWorks website using the enrollment code [omitted]:*
  • For adults
  • For minors
  For help with enrolling, you may call (866) 617-1923 and reference engagement number [omitted].*

• Monitor and set up alerts for bank account(s): Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.

• Watch out for suspicious emails: We believe the person(s) behind the Accellion FTA attack may send threatening mass emails in an attempt to scare people into giving them money. Anyone receiving such an email should either forward it to your local information security office or simply delete it. Please do not engage or respond.

• Place a fraud alert on your credit file: We recommend you place a fraud alert on your credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.
   
  • Equifax
  • TransUnion
  • Experian

• Important reminders about protecting yourself: These incidents are reminders of the importance of doing everything possible to protect your online information. Here are five rules for protecting your information. In addition, you may wish to take additional identity theft measures described at Federal Trade Commission Identity Theft site.

We regard the privacy of all of our community members with the utmost seriousness. We will keep the UC community updated as we learn more and are able to share additional information.

==========

NOTE: After an earlier loss of confidential data affecting UCLA many years ago, yours truly froze access to his credit with the three credit-rating companies listed above. Essentially, no one can do such things as obtain a credit card, car loan, mortgage, etc., once you freeze your account. The downside is that you can't do those things either without a hassle - and some expense - of temporarily unfreezing your account.

==========

*If you think you are entitled to this code, get in touch with your UCLA department.

==========

UPDATE: ...The Baltimore Sun on Thursday reported that private information of staff members and students at the University of Maryland, Baltimore, was posted online this week. The school said a hacking group known as Clop gained access to Accellion in December, the Sun reported...

Source: https://www.latimes.com/world-nation/story/2021-04-02/university-of-california-victim-of-nationwide-hack-attack.