University Of California, Kroger Among Organizations Hit By Major Cyberattack On Accellion Firewall Software
LOS ANGELES (CBSLA) — A major cyberattack on more than 100 organizations may have exposed the personal information of University of California employees, retirees, students and other people who have participated in UC programs.
UC officials notified its community on May 10 of a Christmas Eve hack that targeted its Accellion firewall equipment. Personal information – including full names, addresses, phone numbers Social Security numbers, driver's license information, passport information, bank routing and account numbers, and birthdates – were among the data that were posted on the internet, UC officials confirmed on March 29.
Prospective students who have started or completed applications for the 2021-22 school year may have also had their names, email addresses and phone numbers exposed.
UC officials did not specify how many people may have been exposed in its data breach.
The system has since been taken offline and patched, and no other systems appear to have been affected by the hack. UC officials say they are in the process of transitioning to a more secure solution.
The UC community was notified of the data breach by email and given access to free credit monitoring and identity theft protection services. Officials say they are working to identify and contact those whose personal information was exposed.
Kroger, which operates Ralphs and Food 4 Less stores in Southern California, was also impacted by the Accellion cyberattack. The grocery store chain says the incident was isolated to the Accellion service and did not affect its internal IT systems, but the software was used for secure file transfers of HR data, and pharmacy and clinic customer information. Non-sensitive information, like loyalty program data, for approximately 2% of Kroger's customers was impacted, and the company says the data breach did not impact customer passwords, credit or debit card, or digital wallet information.