Accellion Data Breach, April 2021

FAQs about the Accellion data breach and how to protect yourself

How to Protect Your Data

UPDATE - Town hall on the UC data breach - April 8, 10:00 AM

UCSC Information Security will hold a town hall on the data security breach that is affecting the UC community. This will be an opportunity for you to learn more about the data breach and what to do to protect your personal information, including signing up for free credit monitoring and identity theft protection.

UPDATE - MONDAY, APRIL 5: 3:45PM

To ensure that all campus employees are aware of the data security incident and know what to do to protect their personal information, including signing up for free credit monitoring and identity theft protection.

All managers and supervisors have been asked by Staff HR to take the following steps:

• Proactively reach out to any employees who may have limited access to their email or who are on extended break from the university to share the UCOP message (also available in Spanish).
• In staff meetings, discuss the incident and the recommended steps employees can take to protect their information.
• If you are managing employees working in-person at a campus location, print and post the UC message in English and Spanish in a common staff area currently accessible to employees, such as a break room.

Please contact SHRhelp@ucsc.edu if you need assistance contacting an employee.

UPDATE - MONDAY, APRIL 5: 11:50AM

UCSC will be conducting a Town Hall open to all students, faculty and staff to learn more about the Accellion Data Breach and steps to take to protect your data - DATE/TIME TBD

UPDATE - FRIDAY, APRIL 2, 5:30PM

UC Office of the President sent an email on April 2, 2021 with information about a cyber security incident and the steps to take to monitor your personal information. Please read it carefully for more information and resources.

We understand that this may be disconcerting and want to emphasize that, in coordination with UCOP, UC Santa Cruz is developing a response to support our campus community. 

The campus will share any additional information we receive and details for a town hall meeting next week.

What we know now

• The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file transfer service.

• Beginning Thursday, March 25, many UC email accounts, including UCSC recipients, received messages warning that their personal data had been stolen and would be released.
  

What we’re doing to respond

• The security team at UCOP is continuing to investigate this attack and to determine the scope of impact. We will support members of the UCSC community that may have been affected by this incident.

• Most of the phishing these emails were blocked by Gmail’s spam filters. We have subsequently taken additional steps to block these messages from being received by UCSC email accounts. 

• For users on the campus network (on campus or using the campus’s virtual private network), we’ve blocked requests to the website referenced in the phishing email.
  

What you can do

• To help you protect your identity, UC is offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM. Learn how to sign up and additional protective steps. 

• You may receive a phishing attempt related to this incident. DO NOT open the email or click on the link. Report the message to the Information Security Team.