Colorado State University

Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.

Colorado State University is a public research university with nearly 28,000 students and 6,000 academic and administrative staff members, operating on an endowment of $558,000,000.

The University informed its students and staff on July 12th, 2023, that the threat actors have gained access to the personal data of staff and students through these attacks.

Although the actual extent and impact of the data breach are still being evaluated, CSU has provided the following statement on a webpage dedicated to the cyber incident.

“Some data about prospective, current, and former CSU students and current and former employees maintained by the affected vendors contains personally identifiable information, which may include first name, middle initial, last name, date of birth, student or employee identification numbers, social security number, and demographic information such as gender, ethnicity, and level and area of education.” warned CSU.

The University says that the stolen data is from as far back as 2021, possibly earlier, meaning that graduates may have been impacted.

The leak of this data is not the result of a direct breach of any systems operated or maintained by CSU but rather a compromise of the University’s service vendors, TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife, and The Hartford.

All of these providers utilized the MOVEit Transfer security file transfer platform, which was breached in a wave of data-theft attacks in May 2023.

CSU says the above entities offer services to many universities across the United States, so other educational institutes may soon publish similar disclosures.

Since then, Stony Brook University, the University of Delaware, and the Western University of Health Sciences have posted data breach notices relating to the compromise of TIAA, NSC, and Corebridge Financial.

Right now, CSU is carrying out an internal investigation with the help of forensic experts to determine which records and individuals have been impacted by the incident and will send out individual notification letters to those people containing additional resources and protection guidance.

Meanwhile, all CSU community members are advised to remain vigilant and report suspected identity theft incidents to the university and law enforcement authorities.

Currently, no identity theft protection service coverage is offered to CSU members, who are recommended to follow the advice FTC published here.

H/T: Brett Callow

Source: www.bleepingcomputer.com