Data Breach At Colorado University

Another US university has notified thousands of former and current students that their personal information may have been compromised during a recent data breach. In a security notice it issued, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, an Australian software company, Atlassian Corp.

CU Boulder said, “Notifications are being distributed electronically this week to approximately 30,000 former and current CU affiliates regarding a data security compromise. Most of the individuals impacted are no longer affiliated with CU as a student or employee. This security incident is unrelated to the cyber attack on CU’s Accellion service earlier this year.”

Attackers exploited a vulnerability in Atlassian software that CU Boulder’s Office of Information Technology uses to share information and accessed files that contained information including names, student ID numbers, addresses, dates of birth, phone numbers and genders and former CU Boulder.

No Social Security numbers or financial information was exposed during the security incident. “An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker,” said CU Boulder. Atlassian released a patch for the flaw on August 25. Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.

CU Boulder said that the Office was testing the new version and preparing to implement it when the intrusion occurred.

The university said that most of the roughly 30,000 individuals whose data may have been compromised are being notified by the university via email.  Dan Jones, associate vice chancellor for integrity, safety and compliance at the university, said campus officials did not know who was behind the cyber-attack.  “Monitoring services will be made available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.

The university said that the data breach was not connected to the cyber attack on CU’s Accellion service earlier this year, which compromised information in 310,000 files, including student data and medical information.

This is the second known case of CU data being breached in a cyber attack in 2021. In January, CU was one of many clients affected by an attack on Accellion, a large file transfer service. Files of 447 users were accessed in the breach, containing personal information for thousands of students, faculty and staff across all CU campuses.

