Data Breach At Colorado University

Another US university has notified thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, the Australian software company Atlassian Corp.

CU Boulder said that, “Notifications are being distributed electronically this week to approximately 30,000 former and current CU affiliates regarding a data security compromise. Most of the individuals impacted are no longer affiliated with CU as a student or employee. This security incident is unrelated to the cyber attack on CU’s Accellion service earlier this year.”

Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology uses to share information and accessed files that contained information including names, student ID numbers, addresses, dates of birth, phone numbers and genders and former CU Boulder.

No Social Security numbers or financial information was exposed during the security incident. “An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker,” said CU Boulder. Atlassian released a patch for the flaw on August 25. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.

CU Boulder said that the Office was testing the new version and preparing to implement it when the intrusion occurred.

The university said that most of the roughly 30,000 individuals whose data may have been compromised are being notified by the university via email.  Dan Jones, associate vice chancellor for integrity, safety and compliance at the university, said campus officials did not know who was behind the cyber-attack.  “Monitoring services will be made available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.

The university said that the data breach was not connected to the cyber attack on CU’s Accellion service earlier this year, which compromised information in 310,000 files, including student data and medical information.

This is the second known case of CU data being breached in a cyber attack in 2021. In January, CU was one of many clients affected by an attack on Accellion, a large file transfer service. Files of 447 users were accessed in the breach, containing personal information for thousands of students, faculty and staff across all CU campuses.

Colorado.edu: Denver Post: PortSwigger: CPR: Infosecurity Magazine: Digital Hacker: Network World
