An American university is notifying countless numbers of former and present college students that their personalized information and facts might have been compromised during a the latest data breach.
In a security notice issued Oct 25, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software package furnished by a 3rd-celebration seller, Atlassian Company Plc.
Atlassian is an Australian computer software business headquartered in Sydney that develops products for software package developers, task supervisors and other program improvement teams.
CU Boulder claimed that the flaw “impacted a application made use of mainly by the Place of work of Info Technology (OIT) to share resources, these as support and procedural paperwork, configuration documents and collaborative paperwork.”
Some information stored in the impacted system contained individually identifiable data (PII) for present and previous CU Boulder college students. Included in that data ended up names, college student ID numbers, addresses, dates of start, phone numbers, and genders.
No Social Security quantities or economical information and facts was exposed during the security incident.
“An evaluation by the Workplace of Data Security revealed some information saved in the method was accessed by an attacker,” reported CU Boulder.
Atlassian launched a patch for the flaw on August 25. Since the incident, OIT has upgraded the program to the most current edition, which is not prone to the vulnerability that the attacker exploited.
CU Boulder stated that the Office was screening the new edition and preparing to implement it when the intrusion occurred.
The university explained that most of the around 30,000 folks whose details may have been compromised in the incident are no extended affiliated with CU Boulder as a university student or worker. Victims are getting notified by the college through email.
Dan Jones, affiliate vice chancellor for integrity, basic safety and compliance at the university, said campus officials did not know who was driving the cyber-attack.
“Monitoring solutions will be designed readily available at no cost for individuals whose confidentiality may have been compromised,” said CU Boulder.
The university explained that the details breach was not linked to the cyber-attack on CU’s Accellion support previously this 12 months, which compromised details in 310,000 information, such as university student data and professional medical details.
Some parts of this article are sourced from:
www.infosecurity-magazine.com