The University of Miami confirmed on March 23 that it has experienced a ransomware attack involving Accellion, a third-party provider of hosted file transfer services.
The University of Miami wasn’t the only victim of an Accellion data breach. In January, Accellion notified the University of Colorado that it was a victim of a ransomware attack.
Reports indicate the CLOP ransomware group contacted the universities and demanded $10 million in bitcoin or they would publish the stolen data. This week the group began publishing screenshots of files stolen from Accellion servers used by the University of Miami and Colorado. The stolen files contained university financial documents, student grades, academic records, enrollment information, student biographical information, and patient healthcare data, including medical records, demographic reports, and a spreadsheet with email addresses and phone numbers.
When the University of Miami reported about the attack to the general public, the school said Accellion was used by “a small number of individuals” to transfer files too large for email. The university did confirm that it has since discontinued the use of Accellion file transfer services.
While the investigation is ongoing, the University of Miami said in a statement that it believes the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network. The school also confirmed that once the investigation and data analysis are complete, the University of Maimi will notify affected individuals.
Similarly, Colorado suspended its use of Accellion on Jan. 25 and issued a notice to users. The school contacted the 447 CU users that had files uploaded in January. As part of its investigation, the school asked those users to contact the Office of Information Security if they shared highly confidential data during January.
The University of Colorado did resume the use of Accellion on Jan. 28 after the software company provided a patch. The school’s Office of Information Technology confirmed that files and workspaces were successfully transferred to a new virtual appliance with the newly released version of the software.