UC Office of the President sent an email today (April 2) with information about a cyber security incident and the steps to take to monitor your personal information. Please read it carefully for more information and resources.
We understand that this may be disconcerting and want to emphasize that, in coordination with UCOP, UC Santa Cruz is developing a response to support our campus community.
The campus will share any additional information we receive and details for a town hall meeting next week.
What we know now
-
The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file transfer service.
-
Beginning Thursday, March 25, many UC email accounts, including UCSC recipients, received messages warning that their personal data had been stolen and would be released.
What we’re doing to respond
-
The security team at UCOP is continuing to investigate this attack and to determine the scope of impact. We will support members of the UCSC community that may have been affected by this incident.
-
Most of the phishing these emails were blocked by Gmail’s spam filters. We have subsequently taken additional steps to block these messages from being received by UCSC email accounts.
-
For users on the campus network (on campus or using the campus’s virtual private network), we’ve blocked requests to the website referenced in the phishing email.
What you can do
-
To help you protect your identity, UC is offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM. Learn how to sign up and additional protective steps.
-
You may receive a phishing attempt related to this incident. DO NOT open the email or click on the link. Report the message to the Information Security Team.
