The Accellion data breach that last year affected a variety of private- and public-sector organizations and compromised the personal data of millions of individuals could come to an $8.1 million resolution.

According to court documents in the case Stobbe v. … District Court for the Northern District of California, the privately held file-sharing company (which rebranded as Kiteworks in October 2021) would be required to establish an $8.1 million cash fund in a proposed nationwide class-action settlement “to pay for valid claims, notice and administration costs, any service awards to the named plaintiffs, and any fee award and costs awarded by the court.”

The settlement would resolve only class claims against Accellion on behalf of all U.S. residents whose personal information was compromised in the attacks that targeted the file transfer appliance (FTA) systems of numerous high-profile Accellion customers. While the exact class size is unknown, 9.2 million class members are being notified, according to court documents.

The settlement would additionally provide “robust injunctive relief” that Accellion must implement for four years from the agreement’s effective date. Other proposed requirements mandate Accellion to: maintain FedRAMP certification for its newer Kiteworks offering; provide annual cybersecurity training to all employees; employ personnel with formal responsibilities for cybersecurity; and periodically confirm compliance with the foregoing measures publicly on Accellion’s website.

In May 2021, Accellion announced approximately 75 percent of FTA customers affected by the breach already had migrated from its legacy product to the Kiteworks content firewall.

“Following the discovery of the zero-day vulnerability and prior to migrating, we offered FTA customers free forensic assistance, as well as an independent forensic analysis by FireEye Mandiant, access to Accellion senior management, migration services to Kiteworks, or migration assistance to customers who elected to terminate their relationship with Accellion,” said Accellion Chief Executive Jonathan Yaron in a press release at the time.

In mid-December 2020, Accellion notified customers that a data breach had compromised client data through certain vulnerabilities in its FTA software. While Accellion initially claimed it patched the FTA vulnerability within 72 hours, it later announced discovering new vulnerabilities. Authorities later determined the attacks were carried out by the Clop ransomware gang.

The breach was massive in nature, resulting in sensitive data being stolen from multiple government organizations, law firms, and companies in the healthcare, telecommunications, financial services, retail, energy, and higher education sectors. Accellion’s high-profile clients that issued statements disclosing the breach included Bombardier, Kroger, Royal Dutch Shell, University of California, Stanford University, the University of Colorado, the Reserve Bank of New Zealand, and more.

Department of Health and Human Services warned of numerous healthcare organizations impacted.

The resulting class-action lawsuit asserted claims of negligence, invasion of privacy, and violations of various consumer protection laws, including the California Consumer Privacy Act (CCPA). Specifically, the complaint alleged Accellion failed to implement and maintain adequate data security practices to safeguard personal information, prevent the FTA data breach, detect security vulnerabilities leading to the data breach, and disclose its data security practices were inadequate.

Court documents state, “Accellion has denied all the allegations and any liability and maintains that it did not owe a legal duty of care to plaintiffs and acted reasonably.”

The University of California has released new details on an Accellion-related data breach in December. The data breach, as with many attacks involving the file-sharing firm, involved attackers accessing data hosted by the university via Accellion’s File Transfer Appliance used to transfer large data files securely.