Atlassian vulnerability believed to be attack vector
A data breach at a Colorado university has potentially exposed the personal details of 30,000 current and former students.
The University of Colorado Boulder announced that the incident was a result of a cyber-attack on third-party service Atlassian.
Atlassian is a software program used by the institution’s Office of Information Technology to share resources and documents.
As a result of the attack, some files stored in the program were illegally accessed, with potentially exposed data including personally identifiable information for current and former students that included names, student ID numbers, addresses, dates of birth, phone numbers, and genders.
Taking advantage
In a statement, the institution said it was “preparing to implement” a new version of the software when attackers took advantage of a known vulnerability to gain access.
The university said that it will notify those thought to be affected via email. It added that “most of the individuals impacted are no longer affiliated with CU as a student or employee”.
Anyone affected by the breach will be offered free credit monitoring services.
YOU MAY LIKE OPPA: Ohio could become the third US state to enact a new consumer privacy law in 2021
