Staff and students at the University of California at Berkeley and other UC campuses statewide are being advised to take immediate steps to protect their personal information, including credit and identity theft monitoring, in the wake of a national cyberattack announced the previous week.
The entire University of California system was included in those victimized in the breach, and emails soon started arriving at university-related accounts threatening to release information.
"This was part of a national cyberattack involving several hundred institutions across the United States," the university's Office of Emergency Management said in an advisory Tuesday, noting that Social Security numbers and bank account information "may be at risk."
The data breach involves the technology company Accellion, contracted by UC and others to transfer information.
"Accellion was the target of an international cyberattack where the perpetrators exploited a vulnerability in Accellion's program and attacked roughly 100 organizations," the university said. "The attackers are now attempting to get money from organizations and individuals" by threatening to publish the information on the dark web.
"We are working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, to enforce the law, and to limit the release of stolen information," the university said.
"To help you protect your identity, we are offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM," officials said.
Anyone in the university community receiving suspicious emails is asked to report them to campus IT staff and not to click on any links or reply to the sender.