On June 22, 2023, the University of California, Los Angeles (“UCLA”) filed a notice of data breach with the Attorney General of California after discovering that the confidential information of students and faculty members was leaked following hackers’ exploitation of a zero-day vulnerability in the MOVEit software used by UCLA. In this notice, UCLA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. Upon completing its investigation, UCLA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from the University of California, Los Angeles, it is essential you understand what is at risk and what you can do about it. The recent privacy incident reported by UCLA didn’t actually involve hackers gaining access to UCLA’s system. Instead, they identified a vulnerability within software used by UCLA to transfer confidential student and faculty information. Practically speaking, the result for victims of the breach is the same; their information may now be in the hands of hackers looking to steal their identities or commit other frauds against them. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the UCLA data breach. For more information, please see our recent piece on the topic here.
What Caused the UCLA Breach?
The UCLA data breach was only recently announced, and more information is expected in the near future. However, UCLA’s filing with the Attorney General of California provides some important information on what led up to the breach. According to this source, UCLA uses a file transfer software called MOVEit, which is offered by Progress Software, LLC. On May 31, 2023, Progress Software identified a vulnerability within MOVEit, which allowed hackers to access information within MOVEit.
On June 1, 2023, the UCLA IT team determined that the vulnerability was exploited by hackers on May 28, 2023, which gave the hackers access to confidential information stored within UCLA’s MOVEit platform.
After learning that sensitive consumer data was accessible to an unauthorized party, UCLA reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.
On June 22, 2023, UCLA sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of exactly what information belonging to them was compromised.
Note that the UCLA / MOVEit data breach did not involve hackers breaching UCLA’s computer systems. Thus, only the data UCLA plugged into the MOVEit file transfer software was affected by the breach.
More Information About University of California, Los Angeles
Founded in 1919, the University of California, Los Angeles, is an international public research university located in Los Angeles, California. UCLA offers 337 undergraduate and graduate degree programs and enrolls approximately 31,600 undergraduate and 14,300 graduate and professional students each year. UCLA is a part of the University of California University System, along with nine other colleges in California. 42,244 employs more than EMP people and generates approximately $8 billion in annual revenue.
