The University of Colorado Boulder has confirmed that it suffered from a data breach in which thousands of former and current students’ personal information was exposed. The university issued a security notice on October 25, attributing the breach to an unpatched vulnerability in software provided by third-party vendor Atlassian. Atlassian provides services such as developing projects for managers and software developers.
The flaw reportedly impacted a program used by the Office of Information Technology to share resources, configure files, and collaborate on documents. Some of the files stored in the program contained personally identifiable information for current and former students, including student ID numbers, addresses, dates of birth, phone numbers, and genders. The University of Colorado Boulder confirmed that no Social Security numbers or financial information were exposed during the incident. Atlassian released a patch for the flaw on August 25, and the OIT has upgraded the software since the attack.
Read More: Data Breach at University of Colorado