University of Rochester investigates data breach

The University of Rochester is currently conducting an investigation into a cybersecurity attack resulting from a software vulnerability in a third-party file transfer company.

The report states that attack that has affected the university has also affected approximately 2,500 other organizations worldwide. While the wording is intentionally vague, it seems that this is either a victim of the Fortra GoAnywhere MFT breach or the more recent MOVEit critical vulnerability that's actively exploited.

While the full scope of the impact and the specific personal data accessed is not yet known, the university has urged faculty, staff, students, and their dependents to take immediate steps to protect their personal information.

Update: The data breach may have exposed some of the personal information of students and employees, along with their spouses, domestic partners, and dependents. The university says all individuals directly impacted by the breach will receive a letter in the mail detailing the exact data that was compromised.

The advice includes resetting passwords andusing strong passwords, enabling two-factor authentication, and monitoring financial records for any suspicious activity.