310,000 Colorado University records compromised

Edward Kost
Edward Kost
April 12, 2021

The University of Colorado has been breached through its former third-party vendor Accellion. Accellion fell victim to a supply chain attack on December 23, 2020. Cybercriminals penetrated Accelion’s extensive client network and then began systematically breaching their data.

To date, at least 2.7 million victims have been impacted through Accellion’s compromise, a testament to the pernicious efficiency of supply chain attacks.

CU began investigating the incident in February 2021. It was recently revealed that the breach was the most devastating cyberattack in the University’s history.

More than 310,000 university records were compromised including:

  • Transcript information 
  • Grades
  • Medical information
  • Prescription information
  • Student ID numbers
  • Disability status’
  • Social security numbers
  • University financial account information

A majority of the breached data is linked to the Boulder campus.

After the incident, both CU staff and students were contacted by ransomware group CL0P who demanded payment to prevent the private data from being published online.

CU responded with a social post warning all recipients to not comply with the cybercriminal’s demands.


After the ransom payment ultimatum had elapsed, in classic double-extorsion ransomware fashion, the seized data was published on the criminal-infested dark web.

Colorado University data published on the dark web - source: CBS
Colorado University data published on the dark web - source: CBS


CL0P’s role in the original Accellion breach is still uncertain. They could either be responsible for the attack or just managing the stolen data.

Colorado University is offering impacted students credit monitoring, identify monitoring, fraud consultation, and identity theft restoration free of charge.

How secure is Colorado University?

The University of Colorado Boulder is a public research university in Boulder, Colorado. It is the flagship university of the University of Colorado system and was founded in 1876, five months before Colorado became a state.
  • Check icon
    View our free preliminary report on Colorado University’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
https://www.colorado.edu/
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating