Cyber Incident Victim: Yeshiva University
Date: Mar 2021
Location: United States of America
Summary
A cyber incident involving the exploitation of vulnerabilities in Accellion's File Transfer Appliance (FTA) service led to unauthorized data access and theft by the FIN11 threat group, impacting Yeshiva University alongside multiple educational institutions, government entities, and private sector organizations. The attackers leaked stolen files, including personal information such as names, contact details, and sensitive documents, with affected universities discontinuing use of the compromised service. The breach stemmed from the FTA's use for transferring large files, exposing data across sectors including healthcare, legal, telecommunications, and energy.
Description
The incident involving Yeshiva University emerged as part of a broader cyberattack campaign targeting Accellion’s legacy File Transfer Appliance (FTA) service in early 2021. On March 26, 2021, the University of Miami publicly disclosed its breach via a notification linked to the Accellion compromise, revealing that unauthorized actors had accessed files transferred through the FTA platform. This disclosure coincided with the FIN11 cybercrime group—known for ransomware operations and data extortion—publishing stolen data from multiple organizations on their Tor-based leaks website. Among the affected entities listed alongside corporations like Shell, Qualys, and Bombardier were six universities, including Yeshiva University, the University of California, and Stanford University. The attackers exploited vulnerabilities in Accellion’s FTA, which was nearing retirement but still used by approximately 300 customers globally at the time of the breach.

Shell had previously confirmed on March 24 that its Accellion FTA instance was compromised, resulting in theft of corporate and employee personal data. FIN11 subsequently leaked samples of stolen files, including passport copies and internal reports, to pressure victims. For educational institutions, the group published data allegedly exfiltrated from the University of Miami’s health system (UHealth), containing patient names, phone numbers, and email addresses. While specific details of Yeshiva University’s compromised data were not enumerated in public reports, the university was confirmed among the FTA-impacted entities whose information appeared on the leak site. The University of Miami’s notification clarified that only a limited number of users employed Accellion FTA for large file transfers, and all use was discontinued post-incident. No ransomware deployment was reported in this campaign, with FIN11 focusing solely on data theft and extortion. The breach impacted entities across government, healthcare, legal, and energy sectors, exposing sensitive information from at least 25 organizations that suffered significant data loss through the Accellion system.
