The University of Miami was the victim of a cyber-attack and now subsequent ransom request. The news was first reported by Bleepingcomputer.com.
Faculty were first alerted to the breach in an email sent out last night. The email titled “Cyber Incident Investigation,” explained that UM’s investigation into the event is still ongoing. The email opens with the following:
“We are currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority.”
The email contained no information about what information was compromised. The initial report by Bleepingcomputer.com said students grades and social security numbers were posted online. UM was asked directly if this was the case. They did not reply.
At the end of the email, recipients are instructed to direct concerned parties to a specific number. Upon calling, a worker confirmed that the information was potentially personal and that is why links to credit monitoring and identity theft information were provided in the email. The email included links to the three major credit bureaus and a website about identity theft.
UM was not the only school that was attacked. University of Colorado Boulder also was attacked by the same group, but unlike UM, UC Boulder publicly posted about the hack and said they were first made aware of the attack in January. UM did not reply to a question about when they were first made aware of the attack.
When UM was asked for an interview about the attack, they provided a statement that said UM is “currently investigating a data security incident involving Accellion,” and that the school takes “data security very seriously.” The full statement can be read here.
This story will be updated when more information is made available.