Cyber Incident Victim: University of California, Davis

Date: Mar 2021

Location: United States of America

Summary

The University of California experienced a cybersecurity attack exploiting a vulnerability in Accellion's file transfer service, which also impacted other universities, government agencies, and private companies nationwide. An unauthorized actor copied and transferred institutional files, prompting immediate containment measures, federal law enforcement reporting, and an ongoing investigation to assess data exposure. While the breach was confined to the Accellion system without compromising broader networks, attackers published screenshots of personal information online. The institution committed to notifying affected individuals upon completing its review of potentially leaked data.

Description

In late March 2021, the University of California system, including UC Davis, was targeted in a nationwide cyberattack exploiting vulnerabilities in Accellion’s secure file transfer service. The attackers gained unauthorized access to UC’s Accellion instance, copying and transferring institutional files by leveraging a flaw in the vendor’s software. UC officials confirmed the breach affected multiple entities beyond higher education, including government agencies and private companies. Upon discovering the incident, UC immediately notified federal law enforcement agencies, initiated containment protocols to isolate the compromise, and launched an internal investigation. Preliminary analysis indicated the attack was confined to the Accellion file transfer system, with no evidence of lateral movement into core UC networks or other university systems. The investigation focused on identifying the scope of data exfiltrated from Accellion’s platform, which UC utilized for secure document sharing.

UC initiated a comprehensive review of potentially compromised files to determine the nature of stolen data and affected individuals. While the forensic examination was ongoing, attackers publicly released screenshots containing personal information purportedly obtained during the breach. UC committed to notifying community members if their data was confirmed among the leaked materials, though specific details regarding data categories or victim counts remained undisclosed pending the investigation’s completion. The university acknowledged the likelihood of sensitive information exposure but did not confirm particular data elements beyond the screenshots. Response efforts prioritized containment through system isolation, collaboration with law enforcement, and preparatory measures for individual notifications once impacted parties were definitively identified. No operational disruptions to university functions beyond the Accellion service were reported.
