'Doubly Disappointing': CU Cyberattack Hits Sensitive Security Information
BOULDER, Colo. (CBS4) - A cyber attack on a University of Colorado vendor resulted in a major theft of data from the university.
"We believe this is going to be the largest attack on CU data," Ken McConnellogue, Vice president of communications for the University said.
It involved a computer program from the California-based company Accellion which is used for transfer of large computer files. Individual records and data of faculty, staff and students may have been stolen.
Students including Jake Snyder were notified.
"We got an email about it, and it was pretty concerning, that being said, at the end of the day there's nothing I can do personally so I am just trying to put my face in the university," he said.
The university posted information on its website saying it was notified in late January, but the attack occurred in December. That raises questions as to why the university wasn't contacted earlier.
RELATED: Personal Information Compromised In CU Cyberattack Believed To Be Largest In University History
The program was then shut down by the Office of Information Technology. A patch has since corrected the problem. Ironically, the program had partially been used for its security.
McConnellogue explained, "Yes part of it is to handle secure files and that makes it doubly disappointing that sensitive data was able to be accessed out there."
Nearly 450 users have been notified of the hack. What was taken could include research and health data, as well as personally identifable information of students in Boulder and in Denver.
In 2005, an attack took some 50,000 records. This one is expected to be more than that.
Some 300 Accellion customers were impacted including in Washington state, Australia and New Zealand.
