CU data cyberattack

On Tuesday, Feb. 9, the University of Colorado President Mark Kennedy informed members of all four CU campuses of a cyberattack with possible implications for many members in the community, including faculty, staff and students. 

According to the letter sent by Kennedy, hackers exploited vulnerabilities in data transferring software from parent company, Accellion Inc. CU has since shut down the file service, File Transfer Appliance (FTA) which provided for transferring large files and data sets. 

“We believe a substantial number of individual records might have been compromised, including student and employee personally identifiable information,” Kennedy wrote. “Other information could include limited health and clinical data and study and research data.”

CU’s information security team is currently determining what information was compromised from FTA, but at the moment, it is confirmed information leaked was from the Boulder campus. Boulder clients that use the service have been notified, Kennedy said. 

Close to 300 of Accellion’s clients were attacked as well, alerting state and federal organizations to take action. Kennedy reminded the CU community of the importance of cybersecurity and directed questions for keeping data safe to each local information security office.

For more information and updates, visit the website provided by Kennedy as investigations and data recovery continue.