Data Breach At Colorado University

Another US university has notified thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice issued the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, an Australian software company, Atlassian Corp.

CU Boulder said that, “Notifications are being distributed electronically this week to approximately 30,000 former and current CU affiliates regarding a data security compromise. 

Most of the individuals impacted are no longer affiliated with CU as a student or employee. This security incident is unrelated to the cyber attack on CU’s Accellion service earlier this year.” Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology uses to share information and accessed files that contained information including names, student ID numbers, addresses, dates of birth, phone numbers and genders and former CU Boulder.  

No Social Security numbers or financial information was exposed during the security incident. “An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker,” said CU Boulder. Atlassian released a patch for the flaw on August 25. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.

CU Boulder said that the Office was testing the new version and preparing to implement it when the intrusion occurred.

The university said that most of the roughly 30,000 individuals whose data may have been compromised are being notified by the university via email.  Dan Jones, associate vice chancellor for integrity, safety and compliance at the university, said campus officials did not know who was behind the cyber-attack.  “Monitoring services will be made available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.

The university said that the data breach was not connected to the cyber attack on CU’s Accellion service earlier this year, which compromised information in 310,000 files, including student data and medical information.

This is the second known case of CU data being breached in a cyber attack 2021.  In January, CU was one of many clients affected by an attack on Accellion, a large file transfer service. Files of 447 users were accessed in the breach, containing personal information for thousands of students, faculty and staff across all CU campuses

Colorado.edu:   Denver Post:   Porstswigger:    CPR:   Infosecurity Magazine:   Digital HackerNetwork World

You Might Also Read: 

British Schools & Universities Suffer Attacks:

 

« Crypto Currency Fraud Costs £Millions
NATO Publishes An Artificial Intelligence Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

Assystem

Assystem

Assystem delivers a comprehensive security approach for the industrial and service sectors that integrates physical security systems, industrial cyber-security, functional safety and dependability.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.