UC Email Security Incident

March 31, 2021

To our campus community:

The UC Berkeley Information Security Office, in coordination with the UC Office of the President (UCOP), is responding to a security incident involving UC employee information.

Beginning Monday, March 29, many UC Berkeley email accounts started receiving messages stating that their personal data had been stolen and would be released. We learned from our colleagues that similar messages were being received in email accounts for multiple campuses throughout the UC system.

The Information Security Office investigated and found that these emails contained a link to a public website where a sample of personal data from UC employees was posted. Working with the bConnected email team, we took immediate steps to block these messages from being received by UC Berkeley email accounts.

We learned that some personal UC employee data was obtained through a cyber attack on a UCOP system, and this was the source for the information released. The security team at UCOP, working with law enforcement, is investigating the matter and has released the following statement: https://ucnet.universityofcalifornia.edu/news/2021/03/uc-part-of-nationwide-cyber-attack.html

We are working with UCOP to determine the scope, and will reach out directly to any members of the UC Berkeley community affected by this incident. In the meantime, if you receive any suspicious email, please report it to us without clicking on any links or replying to the sender. 

This is also a good time to review cybersecurity tips.The UC Cyber Security Awareness Fundamentals course includes some great content on these types of issues, please log onto the UC Learning Center to view the course if you have not already done so.

Always be suspicious of any email asking for personal or user account information. UC Berkeley will never ask you for such information via email. If you have questions or concerns about this incident, please contact communications@ucop.edu.

Thank you for your attention to this matter.

Jenn Stringer
Associate Vice Chancellor for IT and Chief Information Officer

Allison Henry
Chief Information Security Officer

This message was sent to all students, faculty, and staff. If you are a manager who supervises UC Berkeley employees without email access, please circulate this information to all.