
Cyber Incident Victim: University of California Merced

Date: Mar 2021

Location: United States of America

Summary

The University of California Merced was targeted in a ransomware attack by the Clop group, which employed double-extortion tactics involving data theft and threats of public leaks. Compromised information included sensitive personal and financial records such as Social Security numbers, retirement documents, health savings plan enrollments, benefit requests, addresses, immigration statuses, and birth dates. The incident mirrored broader attacks on educational institutions exploiting vulnerabilities in third-party file transfer systems, with leaked data exposing individuals to potential identity theft and financial fraud.


Description

On March 29, 2021, the Clop ransomware group published screenshots of stolen data allegedly belonging to the University of California, Merced, and the University of Maryland. The leaked records included federal tax documents, tuition remission paperwork, nursing board applications, passports, and tax summaries. Specific data types exposed encompassed names, addresses, Social Security numbers, immigration statuses, and birth dates. For UC Merced, compromised information involved Social Security numbers, retirement documents, 2019 and 2020 benefit requests, and health savings plan enrollments. The attackers executed a double-extortion strategy by first deploying ransomware and then threatening to release exfiltrated data unless ransom demands were met. This incident formed part of a broader campaign targeting educational institutions, as Clop had previously leaked data from the University of Miami and the University of Colorado earlier in March 2021.

The breach at the University of Maryland, College Park, was confirmed to have originated from a December 2020 compromise of its Accellion File Transfer Appliance (FTA) server, impacting files containing personal data of students, faculty, and staff. The university initiated credit monitoring services for affected individuals and notified law enforcement agencies. Forensic investigations determined no additional system compromises occurred after March 29. Clop’s activities extended beyond academia, with the group leaking financial data from technology firm Acer after a $50 million ransom demand and energy company Shell reporting a related Accellion FTA breach. The University of Maryland clarified that leaked files pertained specifically to its Baltimore campus operations rather than the separate University of Maryland, Baltimore institution.
