UC Regents Settles $5.8 Million Class Action Over 2020-2021 Data Breach
The University of California (UC) Regents has finalized a $5.8 million settlement in Erazo v. The Regents of the University of California, resolving a class action lawsuit stemming from a 2020-2021 data breach. The incident, which exposed sensitive information of over 350,000 UC students and employees, occurred between mid-December 2020 and January 2021 due to a compromised file transfer application licensed by Accellion, Inc.
The breach allegedly exposed data from the 2020 UC Undergraduate Experience Survey and medical records. While the UC Regents denied wrongdoing as part of the settlement, they agreed to distribute payments to affected individuals, cover litigation costs, and implement enhanced cybersecurity measures for at least two years. These measures include retiring the vulnerable Accellion FTA system, migrating to a secure file transfer product, increasing system monitoring, and providing security training for relevant employees.
Payments to the 353,265-member settlement class have begun, with eligible claimants notified via email. The settlement fund will also cover administrative expenses and attorneys' fees. The case was settled on May 29, 2025.
University of California Office of the President cybersecurity rating report: https://www.rankiteo.com/company/ucop
Kiteworks cybersecurity rating report: https://www.rankiteo.com/company/kiteworkscgcp
"id": "UCOKIT1774240010",
"linkid": "ucop, kiteworkscgcp",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '353,265 students and employees',
                        'industry': 'Education/Higher Education',
                        'location': 'California, USA',
                        'name': 'University of California (UC) Regents',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Compromised file transfer application (Accellion FTA)',
 'customer_advisories': 'Eligible claimants notified via email',
 'data_breach': {'number_of_records_exposed': '353,265',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information, medical records)',
                 'type_of_data_compromised': ['Medical records',
                                              '2020 UC Undergraduate '
                                              'Experience Survey data']},
 'date_detected': '2021-01',
 'date_resolved': '2025-05-29',
 'description': 'The University of California (UC) Regents has finalized a '
                '$5.8 million settlement in *Erazo v. The Regents of the '
                'University of California*, resolving a class action lawsuit '
                'stemming from a 2020-2021 data breach. The incident exposed '
                'sensitive information of over 350,000 UC students and '
                'employees due to a compromised file transfer application '
                'licensed by Accellion, Inc.',
 'impact': {'data_compromised': 'Sensitive information of over 350,000 '
                                'individuals',
            'financial_loss': '$5.8 million settlement',
            'identity_theft_risk': 'Exposure of sensitive information (e.g., '
                                   'medical records, survey data)',
            'legal_liabilities': 'Class action lawsuit settlement',
            'operational_impact': 'Enhanced cybersecurity measures implemented '
                                  'for at least two years',
            'systems_affected': 'File transfer application (Accellion FTA)'},
 'investigation_status': 'Settled',
 'post_incident_analysis': {'corrective_actions': 'Retired Accellion FTA, '
                                                  'migrated to secure file '
                                                  'transfer product, increased '
                                                  'monitoring, security '
                                                  'training',
                            'root_causes': 'Vulnerability in Accellion FTA '
                                           'system'},
 'recommendations': 'Retire vulnerable systems, migrate to secure '
                    'alternatives, enhance monitoring, and provide security '
                    'training',
 'references': [{'source': 'Class action settlement notice'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit (*Erazo v. '
                                            'The Regents of the University of '
                                            'California*)'},
 'response': {'communication_strategy': 'Notified eligible claimants via email',
              'containment_measures': 'Retired the vulnerable Accellion FTA '
                                      'system',
              'enhanced_monitoring': 'Increased system monitoring',
              'remediation_measures': 'Migrated to a secure file transfer '
                                      'product, increased system monitoring, '
                                      'provided security training for relevant '
                                      'employees'},
 'title': 'UC Regents Settles $5.8 Million Class Action Over 2020-2021 Data '
          'Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Vulnerability in Accellion FTA system'}