Last week, the University of California joined the list of institutions affected by the cyberattack on Accellion FTA, the file transfer application used by the university. Although the institution hasn’t been hit by ransomware yet, the staff and students have begun receiving suspicious messages. Other educational institutions victimized by the attack, include the University of Maryland, Stanford, the University of Colorado, and the University of Miami.
Unfortunately, the cyberattack hasn’t affected colleges and universities alone. It appears that the criminals have compromised dozens of organizations across the world. The stolen data is now being dumped over the Internet. Moreover, the criminals have begun pushing the victims for ransom.
How bad was the cyberattack on the Accellion FTA software
Although Accellion has addressed the flaws in their software, it appears that the attackers managed to compromise the information security of multiple organizations using the product.
In February, a security researcher reported that the data of several organizations impacted by the attack was being dumped over the Internet.
As of today, tens of organizations have released statements confirming a data breach on account of the cyberattack on their FTA servers.
As per Inside Higher Ed, numerous institutions have confirmed that sensitive information from their records has been compromised. This includes, Social security numbers, passports, academic transcripts, medical records, grants and employment contracts.
Similarly, sensitive health records from various healthcare organizations have also been stolen. As per the HIPAA guide, more than 3.5 million records have been leaked from different providers. The providers have begun notifying patients whose information was compromised.
The list of affected organizations, includes banks, law firms, government agencies, private businesses, and security firms as well.
Unfortunately, the full extent of the data breach isn’t clear yet. The threat actors continue to post the stolen data over the Internet. And in addition to the ongoing data dumping, the criminals have begun demanding ransom from the victims as well. For instance, the University of Colorado received a ransom demand of $17 million against 310,000 stolen records.
As per Accellion, the vulnerabilities in their software that were exploited by the criminals have been patched. Moreover, the hackers can no longer exploit clients’ information stored on their FTA servers.
However, Accellion is now facing multiple lawsuits from customers in the wake of the data breach.