Search This Blog

Powered by Blogger.

Blog Archive

Labels

Privacy Breach Shockwaves: Colorado State University Students and Staff Impacted by Data Breach

Colorado State University faces a data breach impacting students and staff, exposing personal information to hackers. Investigation underway.

 


According to CBS News, a Colorado university is at risk of exposing 30,000 current and former students' data to hackers. As reported by the University of Colorado Boulder, the incident is the result of a cyber-attack perpetrated against a third-party service called Atlassian in response to a request. 

An institution's Office of Information Technology uses software called Atlassian to keep track of documents and resources shared by all departments. 

The attack led to the illegal access of a few files stored within the program due to the nature of the attack. As a result, potentially sensitive data, including the personal information of both current and former students, was exposed. The types of information exposed ranged from names, addresses, dates of birth, telephone numbers, and genders to names, student ID numbers, and addresses. 

According to CSU, the Clop ransomware operation suffered a recent data-theft attack entitled MOVEit Transfer, which stole sensitive personal information from current and former students, employees, and others in the university community.

In addition to the nearly 28,000 students and 6,000 academic and administrative staff members at Colorado State University, the university has an endowment worth $558,000,000 and is supported by the state. 

There has been a breach in the university's data security in which threat actors have gained access to students and staff's data. The university issued a notification on July 12th, 2023 to inform students and staff of the breach. 

While CSU has yet to assess the extent and impact of the data breach, a statement has been posted on a webpage dedicated to the incident. 

The stolen data dates back to 2021, perhaps even earlier. Therefore, graduates may have been affected by the theft if the data is from 2021. The data leakage is not the direct result of a breach of any CSU systems but rather is the result of a compromise by the University's service vendors, TIAA, National Student Clearinghouse, Corbridge Financial, Genworth Financial, Sunlife Financial, and The Hartford, which provided services to the University. 

A wave of data-theft attacks occurred in May 2023 as a result of a breach in the security of the MOVEit Transfer file transfer platform. These providers all utilized this platform to send files securely over the internet. Many universities throughout the United States receive services from these entities. This may mean other educational institutes will soon publish statements similar to those published by CSU. 

The University of Delaware, Stony Brook University, and the Western University of Health Sciences have all posted notices concerning data breaches relating to breaches at TIAA Financial, NSC Financial, and Corbridge Financial since then. 

At the moment, CSU is working with forensic experts to conduct an internal investigation to determine which records and individuals have been impacted in this incident, and will then send out individualized notification letters to those individuals containing additional resources and information on how to protect themselves from future incidents. 

The university and the local law enforcement authorities are urging all members of the CSU community to be vigilant and to report suspected incidents of identity theft to both the university and the law enforcement agencies. Members of the CSU cannot currently choose from a variety of identity theft coverage options; therefore, they are encouraged to follow the advice that has been published by the Federal Trade Commission.
Share it:

CSU

Cyberattacks

CyberCrime

Cybersecurity

Data Leak

Privacy

University