The UC Santa Barbara Office of the CIO (OCIO), in coordination with the UC Office of the President (UCOP), is responding to a security incident involving UC employee information.
Beginning Monday, March 29, several UCSB email accounts started receiving messages stating that their personal data had been stolen and would be released. Similar messages have been sent to email accounts at multiple campuses throughout the UC system. Most of these messages were automatically marked as SPAM by the email system and never delivered to inboxes.
If you receive a message about a criminal gang publishing your data on the dark web, you can safely delete it. For other suspicious emails, please report them — without clicking on any links or replying to the sender — using the instructions here.
Following an investigation, the OCIO has found that these emails contained a link to a public website where a sample of personal information from some UC employees was posted. Through UCOP, we learned that some personal data for UC employees were obtained through a cyber-attack on a UCOP system, and that this was the source for the personal information subsequently released.
The security team at UCOP is continuing to investigate this attack and has released a statement.
According to UCOP, “Some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email.” Our UC Santa Barbara team is working with UCOP to determine the scope of this incident and will reach out directly to every member of the UCSB community who is affected.
The UC Cyber Security Awareness Fundamentals course, available through the UC Learning Center, also includes some important guidance about how to protect your personal information and data.