UC Email Security Incident Notice

April 5, 2021

Updated May 11, 2021:

UCOP Notice to UC Community: https://ucnet.universityofcalifornia.edu/data-security/index.html

Updated Apr. 15, 2021:

On Thursday, April 15 at 11 a.m. we hosted a town hall for the campus community on how to protect yourself against identity theft.  The recording and slides are available here: https://technology.berkeley.edu/town-hall

Updated Apr. 5, 2021:

Updates from UCOP on the Accellion Breach and FAQs (English and Spanish Translations): 


(Una versión en español del siguiente mensaje se encuentra aquí: https://ucnet.universityofcalifornia.edu/news/2021/04/uc-comm_accellion_...)

We are writing to provide you additional information about a data security incident affecting the UC community and what you should do to protect your personal information.

As was announced on March 31st, UC is one of several institutions targeted by a nationwide cyber attack on Accellion’s File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion’s program. At this time, we believe the stolen information includes but is not limited to names, birth dates, Social Security numbers and bank account information. The attackers are threatening to publish, or have published, stolen information on the dark web in an attempt to extort organizations and individuals. 

We are working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, to enforce the law, and to limit the release of stolen information.

We are alerting you now so you are able to take protective actions as we work to address the situation. 

What you should do to protect your personal and financial information:

  • Sign up for free credit monitoring and identity theft protection: To help you protect your identity, UC is offering the entire UC community complimentary credit monitoring and identity theft protection for one year through Experian IdentityWorksSM. This service includes:

    • Credit monitoring: Actively monitors your Experian file for indicators of fraud.

    • Internet surveillance: Technology searches the web, chat rooms & bulletin boards 24/7 to identify trading or selling of your personal information on the dark web.

    • Identity restoration: Identity restoration specialists are immediately available to help you address credit and non-credit related fraud.

    • Experian IdentityWorks ExtendCARETM: You receive the same high-level of identity restoration support even after your Experian IdentityWorks membership has expired.

    • $1 Million Identity Theft Insurance: Provides coverage for certain costs and unauthorized electronic fund transfers.

    • Lost wallet: Provides assistance with canceling/replacing lost or stolen credit, debit, and medical cards.

    • Child monitoring: For 10 children up to 18 years old, internet surveillance and monitoring to determine whether enrolled minors in your household have an Experian credit report are available. Also included are identity restoration and up to $1M Identity Theft Insurance.

For help with enrolling, you may contact security@berkeley.edu for UC sponsored enrollment code information. 

  • Monitor and set up alerts for bank account(s): Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.

  • Watch out for suspicious emails: We believe the person(s) behind the Accellion ATF attack may send threatening mass emails in an attempt to scare people into giving them money. Anyone receiving such an email should either forward it to phishing@berkeley.edu or simply delete it. Please do not engage or respond. 

We regard the privacy of all of our community members with the utmost seriousness. We will keep the UC community updated as we learn more and are able to share additional information.

Thank you,
Carol T. Christ
Jenn Stringer
Associate Vice Chancellor for IT and Chief Information Officer

Mar. 31, 2021: The UC Berkeley Information Security Office, in coordination with the UC Office of the President (UCOP), is responding to a security incident involving UC employee information.

Beginning Monday, March 29, many UC Berkeley email accounts started receiving messages stating that their personal data had been stolen and would be released. We learned from our colleagues that similar messages were being received in email accounts for multiple campuses throughout the UC system.

The Information Security Office investigated and found that these emails contained a link to a public website where a sample of personal data from UC employees was posted. Working with the bConnected email team, we took immediate steps to block these messages from being received by UC Berkeley email accounts.

We learned that some personal UC employee data was obtained through a cyber attack on a UCOP system, and this was the source for the information released. The security team at UCOP, working with law enforcement, is investigating the matter and has released the following statement: https://ucnet.universityofcalifornia.edu/news/2021/03/uc-part-of-nationwide-cyber-attack.html.

We are working with UCOP to determine the scope, and will reach out directly to any members of the UC Berkeley community affected by this incident. In the meantime, if you receive any suspicious email, please report it to us without clicking on any links or replying to the sender. 

This is also a good time to review cybersecurity tips.The UC Cyber Security Awareness Fundamentals course includes some great content on these types of issues, please log onto the UC Learning Center to view the course if you have not already done so.

Always be suspicious of any email asking for personal or user account information. UC Berkeley will never ask you for such information via email. If you have questions or concerns, please contact security@berkeley.edu.

Thank you for your attention to this matter.

Jenn Stringer
Associate Vice Chancellor for IT and Chief Information Officer

Allison Henry
Chief Information Security Officer