The UC Office of the President distributed the following update by email today (April 2) about the Accellion cyberattack and what people should do to protect themselves. Please do not send inquiries to the email@example.com email address. We will provide updates here as they become available.
To the University of California Community:
We are writing to provide you additional information about a data security incident affecting the UC community and what you should do to protect your personal information.
As was announced on March 31, UC is one of several institutions targeted by a nationwide cyberattack on Accellion’s File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion’s program. At this time, we believe the stolen information includes but is not limited to names, birthdates, Social Security numbers and bank account information. The attackers are threatening to publish, or have published, stolen information on the dark web in an attempt to extort organizations and individuals.
We are working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, to enforce the law and to limit the release of stolen information.
We are alerting you now so you are able to take protective actions as we work to address the situation.
Here is what you should do to protect your personal and financial information:
- Sign up for free credit monitoring and identity theft protection — To help you protect your identity, we are offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorks. This service includes:
- Credit monitoring — Actively monitors your Experian file for indicators of fraud.
- Internet surveillance — Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the dark web.
- Identity restoration — Identity restoration specialists are immediately available to help you address credit and non-credit related fraud.
- Experian IdentityWorks ExtendCARE — You receive the same high-level of identity restoration support even after your Experian IdentityWorks membership has expired.
- $1 million identity theft insurance — Provides coverage for certain costs and unauthorized electronic fund transfers.
- Lost wallet — Provides assistance with canceling/replacing lost or stolen credit, debit, and medical cards.
- Child monitoring — For 10 children up to 18 years old, internet surveillance and monitoring to determine whether enrolled minors in your household have an Experian credit report are available. Also included are identity restoration and up to $1 million identify theft insurance.
- Monitor and set up alerts for bank account(s) — Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.
- Watch out for suspicious emails — We believe the person(s) behind the Accellion FTA attack may send threatening mass emails in an attempt to scare people into giving them money. Anyone receiving such an email should either forward it to your local information security office (at UC Davis, send to firstname.lastname@example.org) or simply delete it. Please do not engage or respond.
- Place a fraud alert on your credit file — We recommend you place a fraud alert on your credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.
These incidents are reminders of the importance of doing everything possible to protect your online information. Here are five rules for protecting your information. In addition, you may wish to take additional identity theft measures described here.
We regard the privacy of all of our community members with the utmost seriousness. We will keep the UC community updated as we learn more and are able to share additional information.