Accellion data breach: Difference between revisions

Line 40:

===Trillium===

The Company became aware of the attack on 25 January, and a month later released a statement, declaring customers address, date of birth, insurance ID number, and health information has been leaked and posted online. As compensation, the company gave 1 year credit monitoring and identity theft protection services to affected customers on 26 February.<ref>{{Cite web |date=7 March 2021 |title=Trillium Community Health Plan members impacted by Accellion breach |url=https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ |url-status=live |access-date=27 March 2026 |website=databreaches.net}}</ref> The company discussed plans to move and remove all data from Accellion systems, review files and sharing data practices.<ref>{{Cite web |date=25 February 2021 |title=Trillium vendor reports a Data Security Incident |url=https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |url-status=live |archive-url=https://web.archive.org/web/20260214042648/https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |archive-date=14 February 2026 |access-date=27 March 2026 |website=Trillium}}</ref>

~~=== Shell ===~~

On 16 March , [[Shell]] released a statement where it described the attack leaking shareholders and company personal data being leaked, resulting in a investigation with authorities and contacting individuals involved.<ref>{{Cite web |date=16 March 2021 |title=Third-party cyber security incident impacts Shell |url=https://web.archive.org/web/20210322192431/https://www.shell.com/energy-and-innovation/digitalisation/news-room/third-party-cyber-security-incident-impacts-shell.html |url-status=live |access-date=26 March 2026 |website=Shell}}</ref><blockquote>''"Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cyber security team, and started an investigation to better understand the nature and extent of the incident. There is no evidence of any impact to Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure. The ongoing investigation has shown that an unauthorized party gained access to various files during a limited window of time. Some contained personal data and others included data from Shell companies and some of their stakeholders. Shell is in contact with the impacted individuals and stakeholders and we are working with them to address possible risks. We have also been in contact with relevant regulators and authorities and will continue to do so as the investigation continues. Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties."''</blockquote>

===University of Colorado===

Around January, the University of Colorado became aware of the vulnerability, conducting various alerts to individuals and temporarly disabling the service untill 28 January. On 01 February, the university emailed 447 individuals alleged to be affected. Around 09 February, the University released a statement detailing the events of the attack and the comrpimisation of students and employees "identifiable information", medical data, and "study and research data".<ref>{{Cite web |date=9 February 2021 |title=About the Accellion Cyberattack |url=https://www.cu.edu/accellion-cyberattack |url-status=dead |archive-url=https://web.archive.org/web/20210209234658/https://www.cu.edu/accellion-cyberattack |archive-date=9 February 2021 |access-date=27 March 2026 |website=University of Colorado}}</ref>

@@ Line 40: / Line 40: @@
 ===Trillium===
 The Company became aware of the attack on 25 January, and a month later released a statement, declaring customers address, date of birth, insurance ID number, and health information has been leaked and posted online. As compensation, the company gave 1 year credit monitoring and identity theft protection services to affected customers on 26 February.<ref>{{Cite web |date=7 March 2021 |title=Trillium Community Health Plan members impacted by Accellion breach |url=https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ |url-status=live |access-date=27 March 2026 |website=databreaches.net}}</ref>  The company discussed plans to move and remove all data from Accellion systems, review files and sharing data practices.<ref>{{Cite web |date=25 February 2021 |title=Trillium vendor reports a Data Security Incident |url=https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |url-status=live |archive-url=https://web.archive.org/web/20260214042648/https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html |archive-date=14 February 2026 |access-date=27 March 2026 |website=Trillium}}</ref>
-=== Shell ===
-On 16 March , [[Shell]] released a statement where it described the attack leaking shareholders and company personal data being leaked, resulting in a investigation with authorities and contacting individuals involved.<ref>{{Cite web |date=16 March 2021 |title=Third-party cyber security incident impacts Shell |url=https://web.archive.org/web/20210322192431/https://www.shell.com/energy-and-innovation/digitalisation/news-room/third-party-cyber-security-incident-impacts-shell.html |url-status=live |access-date=26 March 2026 |website=Shell}}</ref><blockquote>''"Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cyber security team, and started an investigation to better understand the nature and extent of the incident. There is no evidence of any impact to Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure. The ongoing investigation has shown that an unauthorized party gained access to various files during a limited window of time. Some contained personal data and others included data from Shell companies and some of their stakeholders. Shell is in contact with the impacted individuals and stakeholders and we are working with them to address possible risks. We have also been in contact with relevant regulators and authorities and will continue to do so as the investigation continues. Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties."''</blockquote>
 ===University of Colorado===
 Around January, the University of Colorado became aware of the vulnerability, conducting various alerts to individuals and temporarly disabling the service untill 28 January. On 01 February, the university emailed 447 individuals alleged to be affected. Around 09 February, the University released a statement detailing the events of the attack and the comrpimisation of students and employees "identifiable information", medical data, and "study and research data".<ref>{{Cite web |date=9 February 2021 |title=About the Accellion Cyberattack |url=https://www.cu.edu/accellion-cyberattack |url-status=dead |archive-url=https://web.archive.org/web/20210209234658/https://www.cu.edu/accellion-cyberattack |archive-date=9 February 2021 |access-date=27 March 2026 |website=University of Colorado}}</ref>