UC Davis joins victims of Accellion file-sharing breach

The University of California, Davis announced Wednesday that it, like many other universities, governments and corporations around the world, has been impacted by the breach of the IT provider Accellion’s file-sharing application.

In a press release, university IT officials said they received reports earlier this week of employees receiving emails threatening that their personal information had been exposed and that it would soon be published. While the university did not say if any ransom was demanded, the actors who sent the messages also included a link to a leak site showing a sample of UC Davis user data.

The school’s Office of Information and Educational Technology said it was able to block the threatening messages, and that recipients were limited to users of the Accellion file-transfer platform. But officials also warned that the breach might have affected people who did not receive the emails.

In acknowledging the incident, UC Davis joins several other major universities, including Harvard Business School, the University of Colorado, University of Miami and University of Maryland, Baltimore, where malicious actors have threatened to publish or actually released user data stolen in the Accellion breach, which was first publicly acknowledged in late January.

Along with the universities, the breach has affected major corporations including the energy giant Shell, the supermarket chain Kroeger and the aircraft manufacturer Bombardier. It also touched the State of Washington, which used the incident to reorganize state government cybersecurity.

UC Davis officials also confirmed that the 39,000-student campus outside Sacramento is not the only one in the University of California system affected by the Accellion hack. Earlier this week, members of the hacking group Clop — which previously leaked data stolen from Colorado and Miami — published sensitive files apparently swiped from the University of California, Merced, ZDNet reported.