On June 2, 2023, the University of Rochester (“UR”) posted a notice on its website explaining that the University is currently responding to a data breach resulting from a vulnerability with a third-party file transfer. While the University of Rochester’s systems were not breached, confidential information belonging to faculty and students may be at risk because the vulnerability may give hackers access to the information through the file transfer program. The University of Rochester hasn’t released a list of compromised data types; however, once the University completes its investigation, it will send out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from the University of Rochester or any other company on University of Rochester’s behalf, it is essential you understand what is at risk and what you can do about it. Third-party software breaches have been responsible for some of the year’s largest data breaches, affecting millions of consumers. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the University of Rochester data breach, please see our recent piece on the topic here.
What We Know So Far About the University of Rochester Breach
News of the University of Rochester data breach is still fresh; however, what we know at this point comes from the company’s June 2, 2023 post entitled “University responding to data breach.” According to this source, the University of Rochester is in the process of investigating a potential data breach resulting from a vulnerability in software provided by a third party. The University of Rochester did not confirm the name of the file-transfer company; however, both Fortra and Progress Software reported vulnerabilities in their file-transfer services this year. Of course, the UR breach could be related to a previously unknown vulnerability, as well.
Upon learning of the vulnerability, UR reported the incident to the FBI and outside data forensic specialists to determine what information was compromised and who it belonged to. The University is still in the process of understanding the full scope of the breach and indicated that it would inform victims of the incident once its investigation is complete. In the meantime, UR recommends that all students and faculty take the necessary steps to protect their personal information.
More Information About the University of Rochester
Founded in 1850, the University of Rochester is a private research university located in Rochester, New York. The University of Rochester has a student body of approximately 12,000, with roughly 7,000 undergraduate students and 5,000 graduate students. One of the unique aspects of UR is that students are able to customize their educational experience because there are no general education requirements and no traditional “core” curriculum. The University of Rochester is also one of the largest private employers in upstate New York and the 7th largest employer in all of New York State. The University of Rochester employs more than 31,000 people and generates approximately $3.1 billion in annual revenue.
