CU Boulder Hit With 'Malicious' Cyberattack

Boulder CO

10 February, 2021

11:49 AM

Description

BOULDER, CO — Private data from more than 440 people may have been exposed in a cyberattack at the University of Colorado, officials announced Tuesday. One of the university's vendors, Accellion, Inc., notified officials in late January that attackers were able to exploit a vulnerability in its software that allowed temporary access to files uploaded in a transfer service. The university shut down the service Jan. 25 and issued a notice to those who may have been affected, officials said. "The company provides us services for transferring large files and data sets that can include sensitive information, particularly information protected by privacy laws," CU President Mark Kennedy wrote in a letter to the university community. "We believe a substantial number of individual records might have been compromised, including student and employee personally identifiable information. Based on the nature of the file transfer service, other information could include limited health and clinical data (none at CU Anschutz that we are aware of at this point), and study and research data." Don't miss the latest news updates in Boulder: Free Boulder Patch Newsletters and Email Alerts | Facebook | Twitter Kennedy called the cyberattack "malicious." "We are working diligently to determine precisely what information was compromised. At this point, we know most was from the Boulder campus and some was from the Denver campus," his letter read. "CU Anschutz, UCCS, system administration or the CU Foundation do not seem to be affected, but we are still investigating." The university has set up a web page with information about the cyberattack, which will be updated as the investigation continues, Kennedy said. Accellion provides service to hundreds of customers, including health care companies, the federal government, colleges and businesses. Around 300 clients were impacted by the attack, Kennedy said.