Data Breach At Colorado University

Another US university has notified thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice issued the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, an Australian software company, Atlassian Corp.

CU Boulder said that, “Notifications are being distributed electronically this week to approximately 30,000 former and current CU affiliates regarding a data security compromise. 

Most of the individuals impacted are no longer affiliated with CU as a student or employee. This security incident is unrelated to the cyber attack on CU’s Accellion service earlier this year.” Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology uses to share information and accessed files that contained information including names, student ID numbers, addresses, dates of birth, phone numbers and genders and former CU Boulder.  

No Social Security numbers or financial information was exposed during the security incident. “An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker,” said CU Boulder. Atlassian released a patch for the flaw on August 25. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.

CU Boulder said that the Office was testing the new version and preparing to implement it when the intrusion occurred.

The university said that most of the roughly 30,000 individuals whose data may have been compromised are being notified by the university via email.  Dan Jones, associate vice chancellor for integrity, safety and compliance at the university, said campus officials did not know who was behind the cyber-attack.  “Monitoring services will be made available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.

The university said that the data breach was not connected to the cyber attack on CU’s Accellion service earlier this year, which compromised information in 310,000 files, including student data and medical information.

This is the second known case of CU data being breached in a cyber attack 2021.  In January, CU was one of many clients affected by an attack on Accellion, a large file transfer service. Files of 447 users were accessed in the breach, containing personal information for thousands of students, faculty and staff across all CU campuses

Colorado.edu:   Denver Post:   Porstswigger:    CPR:   Infosecurity Magazine:   Digital HackerNetwork World

You Might Also Read: 

British Schools & Universities Suffer Attacks:

 

« Crypto Currency Fraud Costs £Millions
NATO Publishes An Artificial Intelligence Strategy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Bulb Security

Bulb Security

Whether your internal red team or penetration testing team needs training, or you lack internal resources and need an outsourced penetration test, Bulb Security can help.

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Global Payments

Global Payments

Global Payments is a leading worldwide provider of payment technology services. Our Fraud Management Solutions help you optimise conversion and reduce the cost of fraud to your business.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.