An American college is notifying hundreds of former and present-day college students that their own information and facts might have been compromised in the course of a current knowledge breach.
In a security notice issued October 25, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in computer software presented by a third-party seller, Atlassian Company Plc.
Atlassian is an Australian software package enterprise headquartered in Sydney that develops items for computer software builders, project professionals and other software program enhancement groups.
CU Boulder reported that the flaw “impacted a program used typically by the Business office of Information Technology (OIT) to share methods, this sort of as guidance and procedural documents, configuration files and collaborative paperwork.”
Some information saved in the impacted plan contained individually identifiable data (PII) for latest and former CU Boulder students. Involved in that information and facts had been names, college student ID quantities, addresses, dates of birth, phone numbers, and genders.
No Social Security numbers or financial data was exposed all through the security incident.
“An examination by the Office of Details Security revealed some information stored in the plan was accessed by an attacker,” explained CU Boulder.
Atlassian unveiled a patch for the flaw on August 25. Given that the incident, OIT has upgraded the program to the most current edition, which is not vulnerable to the vulnerability that the attacker exploited.
CU Boulder stated that the Office was tests the new variation and getting ready to carry out it when the intrusion transpired.
The university reported that most of the roughly 30,000 persons whose details may perhaps have been compromised in the incident are no for a longer period affiliated with CU Boulder as a scholar or staff. Victims are getting notified by the university through email.
Dan Jones, associate vice chancellor for integrity, protection and compliance at the university, said campus officials did not know who was driving the cyber-attack.
“Monitoring solutions will be made out there at no cost for folks whose confidentiality might have been compromised,” claimed CU Boulder.
The college claimed that the info breach was not linked to the cyber-attack on CU’s Accellion service earlier this 12 months, which compromised data in 310,000 files, which includes university student info and health-related information and facts.
Some parts of this short article are sourced from: