May 28, 2021
As we recently disclosed, the University of Maryland, Baltimore was subject to a cybersecurity incident involving its Accellion file transfer appliance (FTA). Accellion, Inc. is an information technology vendor of UMB that supplied UMB’s FTA. UMB stopped using the Accellion FTA in February 2021. The FTA was utilized to be able to transfer and receive sensitive data through a secure protocol.
Although we had been assured previously that no sensitive data was disclosed, on March 29, 2021, UMB learned that certain data files in UMB’s Accellion FTA had been posted on a cyber criminal’s website.
UMB immediately reported this to the FBI and outside experts have been engaged to investigate and determine the full scope of the incident. According to Accellion, its FTA software was targeted starting in mid-December 2020, by a threat actor group(s). The attacks were perpetrated on Accellion FTA software, which is used by numerous universities, government agencies and public and private companies.
Fortunately, there is no evidence that UMB systems other than the FTA appliance were impacted. The investigation is ongoing, but files varied by individual and included various types of data elements such as name, demographic information, birthdate, diagnosis, social security number, driver license, provider name, health and related benefit information.
UMB has notified and is continuing to notify affected individuals by mail at the last known address as our investigation identifies them. As always, individuals are being advised to remain vigilant and monitor financial account statements and credit reports carefully and report any discrepancies to law enforcement, and we encourage activation of fraud alerts and security freezes. UMB provides identity theft monitoring as required by law.
Please send any questions you may have to: AccellionIncidentResponse@umaryland.edu