UGA, USG investigate reported hack

The University System of Georgia is investigating after the reported cyber-attack in which the USG says cybercriminals likely had “unauthorized access” to information stored on a widely used software program.

From WSB…

In a report released this week, the University System of Georgia confirms cybercriminals likely had “unauthorized access” to information stored on a widely used software program.

“The potential data breach is tied to the MOVEit Secure File Transfer and Automation software, which the University System and University of Georgia purchased to store and transfer sensitive data,” The Atlanta Journal Constitution’s Vanessa McCray writes.

In a statement released to The AJC Wednesday evening, the University system said the product’s maker, Progress Software, recently identified a vulnerability that “likely allowed cybercriminals unauthorized access to information.”

So far, the University System has not specified when the breach occurred. “It also did not detail what kind of information may have been exposed or how many records were stored,” McCray adds.

According to news reports Thursday, other victims of the breach include Johns Hopkins University in Baltimore, multiple U.S. banks as well as international companies and several state governments.

In a statement released to CNN, Eric Goldstein, with the U.S. Cybersecurity and Infrastructure Security Agency, said they are “providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications.”

Goldstein added, “We are working urgently to understand impacts and ensure timely remediation.”

According to CNN, Johns Hopkins University and the university’s renowned health system confirmed in a statement this week that “sensitive personal and financial information,” including health billing records may have been stolen in the hack.

“Meanwhile, Georgia’s state-wide university system – which spans the 40,000-student University of Georgia along with over a dozen other state colleges and universities – confirmed it was investigating the ‘scope and severity’ of the hack,” CNN’s Sean Lyngaas writes. Read more here.

According to The AJC, The University System implemented recommendations to address the defect by limiting the software’s access to the internet and taking other steps.

“USG personnel are actively monitoring further communications from Progress Software and will adhere to any future recommendations,” the University system’s statement reads. “USG’s cybersecurity experts are evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”

Read more here.