The CASE building, where some members of the Office of Information Technology are located. (Courtesy of the University of Colorado Boulder)
The University of Colorado is sending out electronic notifications to approximately 30,000 current and former students and community members following a data breach. The breach was a result of a security vulnerability in Atlassian, which the university’s Office of Information Technology(OIT) uses as a collaborative tool.
Of the 30,000 people affected by the breach, a statement published in CU Boulder Today said that most of them are no longer associated with CU. This attack is unrelated to the Accellion breach, another recent cyber attack, which happened earlier this year.
This most recent breach included files that contained information that could clearly identify some of the 30,000 affected individuals. The breached data includes student ID numbers, addresses, dates of birth, phone numbers and other information.
The attackers accessed and viewed some of this information, OIT reported after an investigation.
OIT and the university’s information security office will be notifying affected individuals via email. The university said that monitoring services are available to those affected at no cost.
After the breach, OIT upgraded the software to the latest version which does not share the same vulnerability. OIT was evaluating the new version when the attack occurred.
To avoid this kind of data breach, people are encouraged to be more careful when accessing and sending data online. If you’re working from home using a Linux computer, you may want to check whether your personal data has been affected by the breach using grep command lines to search and find text and strings in your files.
Those with questions about the attack can call CU Boulder’s incident helpline at 855-732-0814.
Contact CU Independent Staff Writer Alexander Edwards at alexander.edwards@colorado.edu.
