May 28, 2021
As we reported recently, the University of Maryland, Baltimore, was the subject of a cybersecurity incident involving its Accellion file transfer device (FTA). Accellion, Inc. is a UMB information technology provider that supplied UMB’s TLC. UMB stopped using Accellion FTA in February 2021. AFTA was used to be able to transfer and receive sensitive data through a secure protocol.
Although we had previously been assured that no sensitive data was disclosed, on March 29, 2021, UMB learned that certain data files from UMM’s Accellion FTA had been posted on a cybercrime website.
UMB immediately reported it to the FBI and outside experts have pledged to investigate and determine the full extent of the incident. According to Accellion, its FTA software was targeted as of mid-December 2020 by a group of threatening actors. The attacks were perpetrated against Accellion FTA software, which is used by numerous universities, government agencies, and public and private companies.
Fortunately, there is no evidence that UMB systems other than the FTA application are affected. The investigation is ongoing, but the files vary by individual and include various types of data items, such as name, demographic information, date of birth, diagnosis, social security number, leave of absence drive, provider name, health and benefit related information.
UMB has notified and continues to notify affected individuals by email at the last known address as our investigation identifies them. As always, people are advised to be vigilant and closely monitor financial statements and credit reports and report discrepancies to law enforcement, and we encourage you to activate fraud alerts and security freezes. UMB provides control of identity theft as required by law.
Send any questions you may have to: AccellionIncidentResponse@umaryland.edu