BOULDER – Hackers are trying to extort money from the University of Colorado after a cyberattack that potentially compromised the personal information from more than 310,000 files, including student data, medical information and various social security numbers, university officials said Friday.
Attackers have posted small amounts of data on the Internet and are threatening to post more if they are not paid, reported The Boulder Daily Camera
. a press release from the university. "Paying would not guarantee that the data will not be published, now or in the future, or that there will be no additional lawsuits."
University system leaders said they were informed of an attack on a file-sharing system run by the provider in late January and immediately shut down the service. CU was one of at least 10 universities and organizations involved in the attack, according to Friday's announcement.
The FBI is investigating.
Compromised information includes grades and transcript data, student ID numbers, race / ethnicity, veteran status, visa status, disability status, and limited donor information.
The attack also compromised "some medical treatments, diagnostic information and prescriptions, and in limited cases, Social Security numbers and account information," according to the press release.
CU is providing credit monitoring, identity monitoring, fraud consultation, and identity theft restoration to those affected, most of whom were connected to the Boulder campus. The Denver campus also had some affected files, while the Colorado Springs and Anschutz Medical campuses were unaffected.
"Although the attack was on a vulnerability in software from a third-party vendor, CU is in the process of completing a lessons learned exercise to improve its practices," the university said in its statement.