Data Breach at University of Colorado
An American university is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach.
In a security notice issued October 25, the University of Colorado Boulder (CU Boulder) attributed the breach to an unpatched vulnerability in software provided by a third-party vendor, Atlassian Corporation Plc.
Atlassian is an Australian software company headquartered in Sydney that develops products for software developers, project managers and other software development teams.
CU Boulder said that the flaw "impacted a program used mostly by the Office of Information Technology (OIT) to share resources, such as support and procedural documents, configuration files and collaborative documents."
Some files stored in the impacted program contained personally identifiable information (PII) for current and former CU Boulder students. Included in that information were names, student ID numbers, addresses, dates of birth, phone numbers, and genders.
No Social Security numbers or financial information was exposed during the security incident.
"An analysis by the Office of Information Security revealed some data stored in the program was accessed by an attacker," said CU Boulder.
Atlassian released a patch for the flaw on August 25.