Cyber Incident Victim: University of California, Los Angeles
Date: Apr 2021
Location: United States of America
Summary
The University of California, Los Angeles experienced cyberattacks targeting its retiree community through phishing attempts and fraudulent schemes designed to steal personal and financial information. Attackers exploited digital platforms to compromise retirement accounts and sensitive data, posing risks to affected individuals' financial security. The university issued warnings about these threats, emphasizing the need for vigilance against deceptive online activities. While specific operational disruptions were not detailed, the incident highlighted vulnerabilities in managing retiree communications and account security. Protective guidance was disseminated to mitigate further exploitation of personal data and retirement benefits.
Description
In March 2021, the University of California system, including UCLA, disclosed it had been targeted in a nationwide cyber attack involving Accellion’s file-transfer service. The breach occurred when an unauthorized actor exploited a vulnerability in Accellion’s system, which UC and other universities, government agencies, and private companies used for file transfers. The attacker copied and transferred UC files stored within the Accellion platform. Upon discovering the incident, UC immediately reported it to federal law enforcement, initiated containment measures to prevent further unauthorized access, and launched an internal investigation. Preliminary findings indicated the compromise was isolated to the Accellion service and did not affect other UC systems or networks. UC emphasized that its investigation remained ongoing to determine the full scope of data exposure.

The university began reviewing potentially exfiltrated files to identify impacted individuals and data types, with plans to notify affected parties once the analysis concluded. Concurrently, attackers sent mass emails to UC community members threatening to publish stolen personal data unless recipients paid ransom demands. UC warned individuals to forward these messages to campus information security offices or delete them outright, reiterating standard precautions against opening suspicious links or attachments. While no specific identity theft incidents were confirmed as stemming from the breach, UC advised proactive measures such as consulting the IdentityTheft.gov resource, placing fraud alerts with credit bureaus, or freezing credit reports. UC committed to providing further updates as its investigation progressed but did not disclose technical details of the vulnerability, attacker identity, or exact timeline of the intrusion.
