Accellion data breach: Difference between revisions
added some company responses, stub, and comments |
No edit summary |
| Line 6: | Line 6: | ||
|Type=Security | |Type=Security | ||
|Description=A security breach affecting over 25 companies, medical institutions and schools, and over 200 customers. | |Description=A security breach affecting over 25 companies, medical institutions and schools, and over 200 customers. | ||
}}Around mid-December 2020, several hacker groups going by the names FIN11, UNC2546, and CLOP infiltrated [[Accellion]] systems using [[wikipedia:SQL_injection|SQL injection]], affecting over 25 companies and leaking over 200 customers' personal information.<ref name=":0">{{Cite web |last=Burgess |first=Monica |date=31 October 2025 |title=Accellion Data Breach |url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach |url-status=live |access-date=25 March 2026 |website=Huntress}}</ref> | }}Around mid-December 2020, several hacker groups going by the names FIN11, UNC2546, and CLOP infiltrated [[Accellion]] systems using [[wikipedia:SQL_injection|SQL injection]], affecting over 25 companies and leaking over 200 customers' and employees' personal information.<ref name=":0">{{Cite web |last=Burgess |first=Monica |date=31 October 2025 |title=Accellion Data Breach |url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach |url-status=live |access-date=25 March 2026 |website=Huntress}}</ref> | ||
==Background== | ==Background== | ||
A financially motivated hacker group going by FIN11 has conducted malware and ransomware attacks against financial, retail, and medical-related organizations since 2016.<ref>{{Cite web |last=Stark |first=Genevieve |last2=Moore |first2=Andrew |last3=Cannon |first3=Vincent |last4=Leary |first4=Jacqueline |last5=Fraser |first5=Nalani |last6=Goody |first6=Kimberly |date=14 October 2020 |title=Threat Research FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft |url=https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html |url-status=live |archive-url=https://web.archive.org/web/20201017221743/https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html |archive-date=17 October 2020 |access-date=26 March 2026 |website=Fire Eye}}</ref> It shares close ties to [[wikipedia:Clop_(hacker_group)#GoAnywhere_MFT_attack_(2023)|CLOP]], a hacker group that since 2016 has run phishing campaigns and malware distributions,<ref>{{Cite web |last=Brubaker |first=Nathan |last2=Zafra |first2=Daniel |last3=Lunden |first3=Keith |last4=Proska |first4=Ken |last5=Hildebrandt |first5=Corey |date=15 July 2020 |title=Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families |url=https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |url-status=live |archive-url=https://web.archive.org/web/20200716090918/https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |archive-date=16 July 2020 |access-date=26 March 2026 |website=Fire Eye}}</ref> and UNC2546, an unknown hacker group that has been shown to conduct malware attacks and SQL injection.<ref>{{Cite web |last=Ropek |first=Lucas |date=23 February 2021 |title=What We Know About the Hackers Behind the Accellion Data Breach |url=https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990 |url-status=live |access-date=26 March 2026 |website=Gizmodo}}</ref><ref>{{Cite web |last=Stone |first=Jeff |date=22 February 2021 |title=FireEye IDs hacking group suspected in Accellion, Kroger breach |url=https://cyberscoop.com/fireeye-ids-hacking-group-suspected-in-accellion-kroger-breach/ |url-status=live |access-date=26 March 2026 |website=Cyberscoop}}</ref> | A financially motivated hacker group going by FIN11 has conducted malware and ransomware attacks against financial, retail, and medical-related organizations since 2016.<ref>{{Cite web |last=Stark |first=Genevieve |last2=Moore |first2=Andrew |last3=Cannon |first3=Vincent |last4=Leary |first4=Jacqueline |last5=Fraser |first5=Nalani |last6=Goody |first6=Kimberly |date=14 October 2020 |title=Threat Research FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft |url=https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html |url-status=live |archive-url=https://web.archive.org/web/20201017221743/https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html |archive-date=17 October 2020 |access-date=26 March 2026 |website=Fire Eye}}</ref> It shares close ties to [[wikipedia:Clop_(hacker_group)#GoAnywhere_MFT_attack_(2023)|CLOP]], a hacker group that since 2016 has run phishing campaigns and malware distributions,<ref>{{Cite web |last=Brubaker |first=Nathan |last2=Zafra |first2=Daniel |last3=Lunden |first3=Keith |last4=Proska |first4=Ken |last5=Hildebrandt |first5=Corey |date=15 July 2020 |title=Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families |url=https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |url-status=live |archive-url=https://web.archive.org/web/20200716090918/https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |archive-date=16 July 2020 |access-date=26 March 2026 |website=Fire Eye}}</ref> and UNC2546, an unknown hacker group that has been shown to conduct malware attacks and SQL injection.<ref>{{Cite web |last=Ropek |first=Lucas |date=23 February 2021 |title=What We Know About the Hackers Behind the Accellion Data Breach |url=https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990 |url-status=live |access-date=26 March 2026 |website=Gizmodo}}</ref><ref>{{Cite web |last=Stone |first=Jeff |date=22 February 2021 |title=FireEye IDs hacking group suspected in Accellion, Kroger breach |url=https://cyberscoop.com/fireeye-ids-hacking-group-suspected-in-accellion-kroger-breach/ |url-status=live |access-date=26 March 2026 |website=Cyberscoop}}</ref> | ||
Accellion is a file sharing service provider | Accellion is a file sharing service provider. | ||
==The Attack== | ==The Attack== | ||
| Line 26: | Line 26: | ||
On 23 January, Kroger was notified of the vulnerability by Accellion and opened an investigation. Around February, Kroger issued a statement announcing that it would discontinue use of Accellion systems and that the pharmacy records and money services data of about 1% of its customers had been affected in the attack. Additionally, it highlighted plans to inform affected consumers.<ref>{{Cite web |date=25 March 2026 |title=Information About the Accellion Incident |url=https://www.kroger.com/i/accellion-incident |url-status=dead |archive-url=https://web.archive.org/web/20210219235325/https://www.kroger.com/i/accellion-incident |archive-date=19 February 2021 |access-date=25 March 2026 |website=Kroger}}</ref> | On 23 January, Kroger was notified of the vulnerability by Accellion and opened an investigation. Around February, Kroger issued a statement announcing that it would discontinue use of Accellion systems and that the pharmacy records and money services data of about 1% of its customers had been affected in the attack. Additionally, it highlighted plans to inform affected consumers.<ref>{{Cite web |date=25 March 2026 |title=Information About the Accellion Incident |url=https://www.kroger.com/i/accellion-incident |url-status=dead |archive-url=https://web.archive.org/web/20210219235325/https://www.kroger.com/i/accellion-incident |archive-date=19 February 2021 |access-date=25 March 2026 |website=Kroger}}</ref> | ||
===Qualys === | ===Qualys=== | ||
From 03 March until 02 April, Qualys issued a series of statements and updates after being alerted to the attack around December 2020. In collaboration with Accellion, FireEye, and Mandiant, it conducted an investigation that identified and contacted customers whose online and real-life names, email addresses, job titles, and office addresses had been leaked. Additionally, it found no impact on its own systems.<ref>{{Cite web |last=Carr |first=Ben |date=3 March 2021 |title=Qualys Update on Accellion FTA Security Incident |url=https://blog.qualys.com/vulnerabilities-threat-research/2021/04/02/qualys-update-on-accellion-fta-security-incident |url-status=live |archive-url=https://web.archive.org/web/20250713022054/https://blog.qualys.com/vulnerabilities-threat-research/2021/04/02/qualys-update-on-accellion-fta-security-incident |archive-date=13 July 2025 |access-date=26 March 2026 |website=Qualys}}</ref> | From 03 March until 02 April, Qualys issued a series of statements and updates after being alerted to the attack around December 2020. In collaboration with Accellion, FireEye, and Mandiant, it conducted an investigation that identified and contacted customers whose online and real-life names, email addresses, job titles, and office addresses had been leaked. Additionally, it found no impact on its own systems.<ref>{{Cite web |last=Carr |first=Ben |date=3 March 2021 |title=Qualys Update on Accellion FTA Security Incident |url=https://blog.qualys.com/vulnerabilities-threat-research/2021/04/02/qualys-update-on-accellion-fta-security-incident |url-status=live |archive-url=https://web.archive.org/web/20250713022054/https://blog.qualys.com/vulnerabilities-threat-research/2021/04/02/qualys-update-on-accellion-fta-security-incident |archive-date=13 July 2025 |access-date=26 March 2026 |website=Qualys}}</ref> | ||
=== City of Toronto === | ===City of Toronto=== | ||
On 22 January, the city was first alerted to the incident by unknown sources; however, the city only issued a response in April 2021.<ref>{{Cite web |date=30 April 2021 |title=Toronto hit by ‘potential cyber breach’ from Accellion file transfer software |url=https://databreaches.net/2021/04/30/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/ |url-status=live |access-date=27 March 2026 |website=Databreaches.net}}</ref> When asked, a spokesperson responded by stating "It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required." It was reported that around 35,000 citizens' information was affected in the attack; however, the city did not receive a ransom email, leading to some speculation in the community about the meaning of the silence.<ref>{{Cite web |last=Woodward |first=Jon |date=30 December 2021 |title=Toronto feared 35,000 citizens' data would be made public after cyberattack: documents |url=https://www.ctvnews.ca/toronto/article/toronto-feared-35000-citizens-data-would-be-made-public-after-cyberattack-documents/ |url-status=live |access-date=26 March 2026 |website=CTV News}}</ref><ref>{{Cite web |last=Adriano |first=Lyle |date=3 May 2021 |title=Toronto reveals potential cyber breach |url=https://www.insurancebusinessmag.com/ca/news/cyber/toronto-reveals-potential-cyber-breach-253921.aspx |url-status=live |access-date=26 March 2026 |website=Insurance Business}}</ref> | On 22 January, the city was first alerted to the incident by unknown sources; however, the city only issued a response in April 2021.<ref>{{Cite web |date=30 April 2021 |title=Toronto hit by ‘potential cyber breach’ from Accellion file transfer software |url=https://databreaches.net/2021/04/30/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/ |url-status=live |access-date=27 March 2026 |website=Databreaches.net}}</ref> When asked, a spokesperson responded by stating "It takes time to reach any sort of conclusion in view of the legacy system that was breached and the extent of investigation required." It was reported that around 35,000 citizens' information was affected in the attack; however, the city did not receive a ransom email, leading to some speculation in the community about the meaning of the silence.<ref>{{Cite web |last=Woodward |first=Jon |date=30 December 2021 |title=Toronto feared 35,000 citizens' data would be made public after cyberattack: documents |url=https://www.ctvnews.ca/toronto/article/toronto-feared-35000-citizens-data-would-be-made-public-after-cyberattack-documents/ |url-status=live |access-date=26 March 2026 |website=CTV News}}</ref><ref>{{Cite web |last=Adriano |first=Lyle |date=3 May 2021 |title=Toronto reveals potential cyber breach |url=https://www.insurancebusinessmag.com/ca/news/cyber/toronto-reveals-potential-cyber-breach-253921.aspx |url-status=live |access-date=26 March 2026 |website=Insurance Business}}</ref> | ||
| Line 35: | Line 35: | ||
On 02 May, CSX made a statement indicating that the incident leaked only current and former employees' personal information. The company did not provide many details about the incident regarding customers or the specific types of information, saying only “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web |date=2 March 2021 |title=CSX probes ‘security incident’ as hackers leak data |url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data |url-status=live |access-date=27 March 2026 |website=Freightwaves}}</ref><ref>{{Cite web |last=Lester |first=David |date=3 March 2021 |title=CSX suffers data exposure by hackers |url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ |url-status=live |access-date=26 March 2026 |website=RT&S}}</ref> | On 02 May, CSX made a statement indicating that the incident leaked only current and former employees' personal information. The company did not provide many details about the incident regarding customers or the specific types of information, saying only “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web |date=2 March 2021 |title=CSX probes ‘security incident’ as hackers leak data |url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data |url-status=live |access-date=27 March 2026 |website=Freightwaves}}</ref><ref>{{Cite web |last=Lester |first=David |date=3 March 2021 |title=CSX suffers data exposure by hackers |url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ |url-status=live |access-date=26 March 2026 |website=RT&S}}</ref> | ||
===Centene <!-- don't understand this one, can someone fill this one in | ===Centene<!-- don't understand this one, can someone fill this one in -->=== | ||
{{Incomplete section}} | {{Incomplete section}} | ||
===Trillium=== | ===Trillium=== | ||
The company became aware of the attack on 25 January and a month later released a statement declaring that customers' addresses, dates of birth, insurance ID numbers, and health information had been leaked and posted online. As compensation, on 26 February the company offered affected customers one year of credit monitoring and identity theft protection services.<ref>{{Cite web |date=7 March 2021 |title=Trillium Community Health Plan members impacted by Accellion breach |url=https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ |url-status=live |access-date=27 March 2026 |website=databreaches.net}}</ref> The company discussed plans to move and remove all data from Accellion systems and to review its file-sharing and data-handling practices.<ref>{{Cite web |date=25 February 2021 |title=Trillium vendor reports a Data Security Incident |url=https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |url-status=live |archive-url=https://web.archive.org/web/20260214042648/https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |archive-date=14 February 2026 |access-date=27 March 2026 |website=Trillium}}</ref> | |||
===Shell=== | === Shell === | ||
On 16 March, [[Shell]] released a statement describing the leak of shareholders' and company personal data, resulting in an investigation with authorities and contact with the individuals involved.<ref>{{Cite web |date=16 March 2021 |title=Third-party cyber security incident impacts Shell |url=https://web.archive.org/web/20210322192431/https://www.shell.com/energy-and-innovation/digitalisation/news-room/third-party-cyber-security-incident-impacts-shell.html |url-status=live |access-date=26 March 2026 |website=Shell}}</ref><blockquote>''"Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cyber security team, and started an investigation to better understand the nature and extent of the incident. There is no evidence of any impact to Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure. The ongoing investigation has shown that an unauthorized party gained access to various files during a limited window of time. Some contained personal data and others included data from Shell companies and some of their stakeholders. Shell is in contact with the impacted individuals and stakeholders and we are working with them to address possible risks. We have also been in contact with relevant regulators and authorities and will continue to do so as the investigation continues. Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties."''</blockquote> | |||
===https://web.archive.org/web/ | |||
===University of Colorado=== | ===University of Colorado=== | ||
https://www. | Around January, the University of Colorado became aware of the vulnerability, issued various alerts to individuals, and temporarily disabled the service until 28 January. On 01 February, the university emailed 447 individuals believed to be affected. Around 09 February, the university released a statement detailing the events of the attack and the compromise of students' and employees' "identifiable information", medical data, and "study and research data".<ref>{{Cite web |date=9 February 2021 |title=About the Accellion Cyberattack |url=https://www.cu.edu/accellion-cyberattack |url-status=dead |archive-url=https://web.archive.org/web/20210209234658/https://www.cu.edu/accellion-cyberattack |archive-date=9 February 2021 |access-date=27 March 2026 |website=University of Colorado}}</ref> | ||
===Morgan Stanley=== | ===Morgan Stanley=== | ||
https:// | On July | ||
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/ | |||
https://securityaffairs.com/119865/data-breach/morgan-stanley-data-breach.html | |||
https://arstechnica.com/gadgets/2021/07/morgan-stanley-discloses-data-breach-that-resulted-from-accellion-fta-hacks/ | |||
=== University | ===Stanford University=== | ||
=== University Of | ===University Of Miami=== | ||
=== | ===University Of California=== | ||
=== | ===QIMR Berghofer Medical Research Institute=== | ||
=== | ===HealthNet=== | ||
=== | ===Washington State=== | ||
=== | ===The Reserve Bank of New Zealand=== | ||
=== | ===Australian Securities and Investments Commission=== | ||
=== | ===Bombardier=== | ||
=== | ===Transport For NSW=== | ||
=== | ===Flagstar Bank=== | ||
=== | ===Trinity Health=== | ||
=== | ===University of Maryland=== | ||
=== | ===California Health & Wellness=== | ||
=== | ===Arizona Complete Health=== | ||
=== | ===Goodwin Procter=== | ||
=== | ===Jones Day=== | ||
=== | ===Harvard Business School=== | ||
=== CalViva Health === | ===CalViva Health=== | ||
==Lawsuit== | ==Lawsuit== | ||
| Line 102: | Line 104: | ||
{{reflist}} | {{reflist}} | ||
[[Category:Data breaches]] | [[Category:Data breaches]] | ||
[[Category:2020 incidents]] | |||