Secure File Sharing Compromises University Security

Published on April 7, 2021

Posted in Industry Update

(Excerpts from Insider Ed News)

  • Multiple higher education institutions have now confirmed they were victims of data theft related to a security flaw in file transfer software sold by IT security company Accellion, but the true scale of the data breach is still not fully understood.
  • Sensitive information from the University of California system, Yeshiva University, the University of Miami, the University of Colorado, Stanford University’s School of Medicine, and the University of Maryland, Baltimore, was recently discovered on the dark web in connection with the Accellion cyberattack, which took place earlier this year.
  • All institutions have confirmed they are customers of Accellion and are actively investigating the incident.
  • Data files that include personal information such as Social Security numbers were stolen from the universities and made available to download via a website called Clop that is run by cybercriminals. A sample of documents reviewed by Inside Higher Ed included academic transcripts, medical records, research grants and employment contracts.
  • A vulnerability in Accellion’s file transfer software was first exploited by cybercriminals in December 2020 and then again in January 2021, a recent report commissioned by Accellion from cybersecurity forensics company FireEye found.
  • More than 3,000 organizations, including companies, government agencies, hospitals and universities, are customers of Accellion, which markets itself as a specialist in secure file sharing.
  • Accellion customers are encouraged to upgrade to a new file transfer platform called Kiteworks if they have not done so already, CEO Yaron said.