An American college is notifying hundreds of previous and current learners that their individual info might have been compromised throughout a new knowledge breach.
In a security notice issued October 25, the College of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in program delivered by a 3rd-party vendor, Atlassian Corporation Plc.
Atlassian is an Australian computer software company headquartered in Sydney that develops products for computer software developers, task professionals and other computer software development groups.
CU Boulder mentioned that the flaw “impacted a method utilized mainly by the Place of work of Data Technology (OIT) to share sources, these as support and procedural files, configuration data files and collaborative documents.”
Some documents stored in the impacted system contained personally identifiable information (PII) for present-day and previous CU Boulder students. Bundled in that data were names, college student ID numbers, addresses, dates of delivery, phone quantities, and genders.
No Social Security numbers or monetary info was uncovered throughout the security incident.
“An analysis by the Business of Details Security uncovered some info saved in the program was accessed by an attacker,” claimed CU Boulder.
Atlassian produced a patch for the flaw on August 25. Considering the fact that the incident, OIT has upgraded the software to the most up-to-date model, which is not vulnerable to the vulnerability that was exploited by the attacker.
CU Boulder reported that the Business was testing the new model and getting ready to carry out it when the intrusion transpired.
The college reported that most of the around 30,000 persons whose data may perhaps have been compromised in the incident are no more time affiliated with CU Boulder as a college student or personnel. Victims are remaining notified by the university by using email.
Dan Jones, associate vice chancellor for integrity, safety and compliance at the college, said campus officials did not know who was behind the cyber-attack.
“Checking expert services will be built available at no price tag for men and women whose confidentiality might have been compromised,” claimed CU Boulder.
The university reported that the facts breach was not connected to the cyber-attack on CU’s Accellion service earlier this 12 months, which compromised info in 310,000 documents, which includes university student info and clinical info.
Some elements of this short article are sourced from: