Data Breach At Colorado University

Uploaded on 2021-11-01 in FREE TO VIEW, TECHNOLOGY--Hackers

Another US university has notified thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice issued the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, an Australian software company, Atlassian Corp.

CU Boulder said that, “Notifications are being distributed electronically this week to approximately 30,000 former and current CU affiliates regarding a data security compromise. 

Most of the individuals impacted are no longer affiliated with CU as a student or employee. This security incident is unrelated to the cyber attack on CU’s Accellion service earlier this year.” Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology uses to share information and accessed files that contained information including names, student ID numbers, addresses, dates of birth, phone numbers and genders and former CU Boulder.  

No Social Security numbers or financial information was exposed during the security incident. “An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker,” said CU Boulder. Atlassian released a patch for the flaw on August 25. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.

CU Boulder said that the Office was testing the new version and preparing to implement it when the intrusion occurred.

The university said that most of the roughly 30,000 individuals whose data may have been compromised are being notified by the university via email.  Dan Jones, associate vice chancellor for integrity, safety and compliance at the university, said campus officials did not know who was behind the cyber-attack.  “Monitoring services will be made available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.

The university said that the data breach was not connected to the cyber attack on CU’s Accellion service earlier this year, which compromised information in 310,000 files, including student data and medical information.

This is the second known case of CU data being breached in a cyber attack 2021.  In January, CU was one of many clients affected by an attack on Accellion, a large file transfer service. Files of 447 users were accessed in the breach, containing personal information for thousands of students, faculty and staff across all CU campuses

Colorado.edu:   Denver Post:   Porstswigger:    CPR:   Infosecurity Magazine:   Digital HackerNetwork World

You Might Also Read: 

British Schools & Universities Suffer Attacks:

 

« Crypto Currency Fraud Costs £Millions
NATO Publishes An Artificial Intelligence Strategy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Mimecast

Mimecast

Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365 including archiving, continuity and security.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Turkish Accreditation Agency (TURKAK)

Turkish Accreditation Agency (TURKAK)

TURKAK is the national accreditation body for Turkey. The directory of members provides details of organisations offering certification services for ISO 27001.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Finite State

Finite State

Finite State enables product security teams to protect the devices we rely on every day through market-leading software threat, vulnerability, and risk management.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.