Information regarding a data security incident

March 31, 2021

We are currently investigating a data security incident involving Accellion, a third-party provider of hosted file transfer services. We take data security seriously and data protection is a top priority.

As soon as we became aware of the incident, we took immediate action to investigate and contain it, including immediately disabling the Accellion server used for secure file transfers. We retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation.

Our investigation into this incident is ongoing and we are continuing to analyze data files within the Accellion server used for secure file transfers and to identify individuals whose personal information was potentially affected. Although that analysis is still ongoing, we have begun notifying affected individuals by postal mail under applicable laws.

We understand that the Accellion security incident affected multiple federal, state, local, tribal, and territorial government organizations, as well as private industry organizations and businesses including those in the medical, legal, telecommunications, finance, higher education, retail, and energy sectors. Accellion had been used by a small number of individuals at UM to transfer files too large for email. The University has since discontinued use of Accellion file transfer services.

Based on our investigation to date, the incident was limited to the Accellion server used for secure file transfers and did not compromise other University of Miami systems or affect outside systems linked to the University of Miami’s network. While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats.

While our investigation is ongoing, there are certain precautionary steps you may take to safeguard your information:

• Learn about steps you can take to help protect against identity theft at https://www.identitytheft.gov/databreach.
• Place a fraud alert in your credit file by contacting one of the three nationwide credit reporting agencies below:
  • https://www.equifax.com/personal/
  • https://www.transunion.com
  • https://www.experian.com/
• Place a security freeze on your credit report by contacting the credit reporting agencies.

The hackers may send phishing emails related to this incident. We encourage you to be vigilant and follow these safe email and text message practices:

• Don't reply to emails, texts, or pop-up messages that ask for your personal or financial information.
• Never use links in an email or text message to connect to a website unless you are absolutely sure they are authentic.
• Don't get pressured into providing sensitive information.
• Watch out for generic-looking requests for information.
• Never open email attachments or submit confidential information via forms embedded within suspicious email or text messages.

We will provide updates as appropriate. If you have questions, please call (855) 757-0247 between 9:00 a.m. and 6:30 p.m. ET Monday through Friday.