Hackers hit University of Colorado with cyberattack, potentially compromising personal student info

Nation/world
Cloud striations form above Williams Village East dormitory at University of Colorado Boulder while incoming freshmen move in on August 18, 2020 in Boulder, Colorado. (Mark Makela/Getty Images)

Cloud striations form above Williams Village East dormitory at University of Colorado Boulder while incoming freshmen move in on August 18, 2020 in Boulder, Colorado. (Mark Makela/Getty Images)

Hackers are trying to extort the University of Colorado after a cyberattack that potentially compromised personal information from more than 310,000 files, including student data, medical information and several Social Security numbers, university officials said Friday.

The attackers have posted small amounts of data on the internet and are threatening to post more if they are not paid, The Boulder Daily Camera reported.

“The university does not intend to do so, following guidance from the FBI,” a university news release said. “Paying would not ensure that data is not posted, now or in the future, or that there would not be additional demands.”

Leaders of the university system said they were told of an attack on a file-sharing system run by the vendor in late January and immediately shut down the service. CU was one of at least 10 universities and organizations involved in the attack, according to Friday’s announcement.

The FBI is investigating.

The information that was compromised includes grades and transcript data, student ID numbers, race/ethnicity, veteran status, visa status, disability status and limited donor information.

The attack also compromised “some medical treatment, diagnosis and prescription information, and in limited cases, Social Security numbers and university financial account information,” according to the news release.

CU is providing credit monitoring, identity monitoring, fraud consultation and identity theft restoration to those affected, most of whom were connected to the Boulder campus. The Denver campus also had some affected files, while the Colorado Springs and Anschutz Medical campuses were not affected.

“Although the attack was on a vulnerability in a third-party vendor’s software, CU is in the process of completing a lessons learned exercise to improve its practices,” the university said in its statement.

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Trademark and Copyright 2021 The Associated Press. All rights reserved.

Most Popular

Latest News

More News