Campus Beat Reporter
On March 31, UC Santa Barbara (UCSB) students experienced a security breach on the school network. This attack was part of a larger nationwide security breach affecting 300 organizations. It affected not only schools within the UC system, but schools nationwide including the University of Miami, the University of Colorado, and the Stanford School of Medicine.
The university sent out an official statement on April 2 detailing the incident. Administrators believe that potentially stolen data includes birth dates, Social Security Numbers (SSN), and bank account information. Even students’ family members’ information may be at risk, according to the FAQs released by UCNet on April 5.
The FAQs also state that the university is currently working with federal law enforcement and other third-party programs to investigate the attack and develop preventative measures for the future.
The university recommends that students sign up with the credit bureau Experian to protect against future cyber attacks. Despite the efforts to keep students’ information secure, students say that their trust in the university is waning as a result of the recent problem.
The cyber attack came as a mass email sent to many, but not all UCSB students. It included an online link and a message threatening to publish personal data belonging to the recipient on the dark web.
While the perpetrator remains unknown, the hacker has been reported to use the program Accellion in the incident. Accellion is a web security company that allows its clients to control third-party communication, simplify security, and monitor sensitive data coming and going through the client’s database. In the data breach, every affected organization used Accellion to protect their network.
Currently, Accellion is facing 14 different lawsuits for the recent data breach. One lawsuit, which involves Accellion and the company Kroger, alleges that key people within Accellion have acknowledged that the file transfer appliance (FTA) that is included in their security package is outdated — being about 20 years old.
The Kroger lawsuit asserts that Joel York, the Chief Marketing Officer of Accellion, confirmed that Accellion is “encouraging its clients to discontinue use of FTA because it does not protect against modern data breaches.” The same FTA software faced a cyber-attack in February as well.
Students are calling for UCSB to implement more secure programs to protect against any web attacks in the future. A discussion on r/UCSantaBarbara directs the blame not only on Accellion for failing to update their software, but also on UCSB for failing to choose a stronger security provider.
“Although it’s an Accellion product that [had vulnerabilities] in it, the UC protected the very sensitive data on millions of students and faculty with a shitty out-of-date piece of software from the early 2000s,” commented an anonymous user on the post. “I’m not an IT person, but this seems grossly negligent.”
UCSB administrators advise students to closely monitor their bank and SSN data if they suspect they have been affected by the cyber-attack.