Clop Ransomware Leaks Data Stolen from Colorado, Miami Universities
Sensitive information such as financial documents, enrollment information, and academic records has been published online.
Last December, threat actors related to the Clop ransomware operation began targeting Accellion FTA servers and exfiltrating the data stored on them (sensitive files and information on people outside of their organization). Subsequently, the ransomware gang contacted the organizations and threatened to leak the stolen data if they didn’t pay $10 million in bitcoin.
Flagstar Bank, one of the largest residential mortgage servicers and largest banks in the USA, became the victim of a major data breach in January, exposing customer and employee data after their Accellion FTA server was breached.
Multinational oil and gas company Shell was the latest victim to suffer a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance.
But then the hackers turned their attention to universities. This week, screenshots of files stolen from Accellion FTA servers used by the University of Miami and the University of Colorado were published by the Clop ransomware gang. The leaks included names, birth dates, addresses, university financial documents, student grades, academic records, and enrollment information.
In February, the University of Colorado (CU) issued a statement revealing that they were the victims of a cyberattack where threat actors exfiltrated data through the Accellion FTA vulnerability.
“The University of Colorado experienced a cyberattack on a vulnerability in software provided by third-party vendor Accellion, which alerted the university in late January. CU is one of fewer than 50 Accellion customers that were affected by the attack. We believe personally identifiable information from students, employees, and others may have been compromised.”
Although the University of Miami never reported a cyberattack, the Clop ransomware gang published screenshots of patient data from the University’s health system, including medical records, demographic reports, and a spreadsheet with email addresses and phone numbers.
University representatives have provided the DataBreaches team with the following statement:
“The University of Miami is currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority. As soon as we became aware of the incident, we took immediate action to investigate and contain it. We also retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation. Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network.
“While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats. We continue to serve our University community consistent with our commitment to education, research, innovation, and service.”
The University of Colorado is in the process of notifying those affected by the data breach. In addition, they will provide free monitoring services for anyone whose information was compromised. Students and employees are advised to take precautionary measures to protect their identity by visiting identitytheft.gov/databreach.