Pages

Thursday, July 8, 2021

The Accellion Breach - Hands-Off Approach?

From Tech Crunch, 7-8-21: Morgan Stanley has joined the growing list of Accellion hack victims — more than six months after attackers first breached the vendor’s 20-year-old file-sharing product. The investment banking firm — which is no stranger to data breaches — confirmed in a letter this week that attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of its third-party vendor, Guidehouse. In a letter sent to those affected, first reported by Bleeping Computer, Morgan Stanley admitted that threat actors stole an unknown number of documents containing customers’ addresses and Social Security numbers. The documents were encrypted, but the letter said that the hackers also obtained the decryption key, though Morgan Stanley said the files did not contain passwords that could be used to access customers’ financial accounts...

Just days before news of the Morgan Stanley data breach came to light, an Arkansas-based healthcare provider confirmed it had also suffered a data breach as a result of the Accellion attack...

Accellion (is) now taking a more hands-off approach to the incident, means that the list of victims could keep growing. It’s currently unclear how many the attack has claimed so far, though recent tallies put the list at around 300. This list includes Qualys, Bombardier, Shell, Singtel, the University of Colorado, the University of California, Transport for New South Wales, Office of the Washington State Auditor, grocery giant Kroger and law firm Jones Day...

Full story at https://techcrunch.com/2021/07/08/the-accellion-data-breach-continues-to-get-messier/amp/.

Meanwhile, as we have previously posted, the Regents recently had a closed session on cybersecurity which presumably dealt with this matter.* Exactly what Accellion's "hands-off approach to the incident" means in terms of liability to UC and all those affected at UC is unclear.

===

*http://uclafacultyassociation.blogspot.com/2021/06/radio-silence-on-accellion-breach-part.html.

No comments:

Post a Comment