This article was revised on May 12, 2021, with updated information about credit monitoring and ID theft protection. Please see this notice from UC.
TO THE UNIVERSITY OF CALIFORNIA COMMUNITY
We are writing to provide you additional information about a data security incident affecting the UC community and what you should do to protect your personal information.
As was announced on March 31st, like several hundred other institutions throughout the country, including universities, government institutions and private companies, UC has been using a vendor service called Accellion File Transfer Appliance (FTA) to transfer information. Accellion was the target of an international cyber attack where the perpetrators exploited a vulnerability in Accellion’s program and attacked roughly 100 organizations. The attackers have published stolen information on the Internet in an attempt to get money from organizations and individuals.
We are working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, to enforce the law, and to limit the release of stolen information.
We are alerting you now so you are able to take protective actions as we work to address the situation.
What you should do to protect your personal and financial information:
- Sign up for free credit monitoring and identity theft protection: To help you protect your identity, we are offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM. For UC community members that have not registered for these services, information about how to register will be contained in an update email. Many UC community members have signed up for this service and we encourage anyone who hasn’t enrolled to sign up now.
- Monitor and set up alerts for bank account(s): Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.
- Watch out for suspicious emails: We believe the person(s) behind the Accellion FTA attack may send threatening mass emails in an attempt to scare people into giving them money. Anyone receiving such an email should either forward it to your local information security office or simply delete it. Please do not engage or respond.
- Place a fraud alert on your credit file: We recommend you place a fraud alert on your credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.
- Important reminders about protecting yourself: These incidents are reminders of the importance of doing everything possible to protect your online information. Here are five rules for protecting your information. In addition, you may wish to take additional identity theft measures described at https://www.identitytheft.gov/databreach
We regard the privacy of all of our community members with the utmost seriousness. We will keep the UC community updated as we learn more and are able to share additional information.