Officials at the University of Rochester are providing an update regarding a recent cybersecurity attack.
In early June, the U of R said the data breach, which resulted from a software vulnerability in a product provided by a third-party file transfer company, affected the university and approximately 2,500 organizations worldwide.
A spokesperson said that University President Sarah Manglesdorf sent an email update this week to all U of R faculty, staff and students, talking about the cybersecurity incident that involved the university’s third-party vendor, MOVEit.
The latest update from Manglesdorf described the attack as being carried out by “foreign cyber criminals,” and she said the attack gave some access to employees’ and students’ personal information and in some cases, the information of their spouses, domestic partners and dependents who are enrolled in benefits at the U of R.
The university said that the full forensic data investigation has taken several weeks to complete due to the nature and variability of the information involved. But officials said that the U of R’s broader network security has not been affected by this incident and UR Medicine’s electronic health record system, eRecord and MyChart, as well as all other clinical applications, remain secure.
Letters are going out to all affected individuals outlining the exact data compromised for each person, and the university is offering 24 months of free credit monitoring to anyone whose personal information was compromised as part of this incident.