"Data Breach at University of Colorado"

The University of Colorado Boulder (CU Boulder)  is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach.  The breach was attributed to an unpatched vulnerability in software provided by a third-party vendor, Atlassian Corporation Plc.  Atlassian is an Australian software company headquartered in Sydney that develops products for software developers, project managers, and other software development teams.   CU Boulder stated that the flaw “impacted a program used mostly by the Office of Information Technology (OIT) to share resources, such as support and procedural documents, configuration files and collaborative documents.”  Some files stored in the impacted program contained personally identifiable information (PII) for current and former CU Boulder students. Included in that information were names, student ID numbers, addresses, dates of birth, phone numbers, and genders.  CU Boulder noted that the incident did not expose Social Security numbers or financial information.  Since the incident, OIT has upgraded the software to the latest version, which is not susceptible to the vulnerability that the attacker exploited.  CU Boulder stated that the Office was testing the new version and preparing to implement it when the intrusion occurred.  The university said that most of the roughly 30,000 individuals whose data may have been compromised in the incident are no longer affiliated with CU Boulder as a student or employee. The university is notifying victims via email. 

Infosecurity reports: "Data Breach at University of Colorado"