University of Rochester

May 27, 2023 — 1 min read

The Vermont Office of the Attorney General reported a data breach notification on July 28, 2023, concerning the University of Rochester. The incident involved unauthorized access to personal information through a vulnerability in Progress Software's MOVEit File Transfer solution, which was exploited on May 27, 2023.

Source: https://ago.vermont.gov/document/2023-07-28-university-rochester-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/universityofrochester

"id": "uni648072625",
"linkid": "universityofrochester",
"type": "Vulnerability",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education',
                        'location': 'Rochester, NY',
                        'name': 'University of Rochester',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Vulnerability Exploitation',
 'data_breach': {'type_of_data_compromised': 'Personal Information'},
 'date_detected': '2023-05-27',
 'date_publicly_disclosed': '2023-07-28',
 'description': 'Unauthorized access to personal information through a '
                "vulnerability in Progress Software's MOVEit File Transfer "
                'solution.',
 'impact': {'data_compromised': 'Personal Information'},
 'references': [{'date_accessed': '2023-07-28',
                 'source': 'Vermont Office of the Attorney General'}],
 'title': 'Data Breach at University of Rochester',
 'type': 'Data Breach',
 'vulnerability_exploited': "Progress Software's MOVEit File Transfer solution"}

Published by

Jeremy C

University of Rochester

Aquasecurity: CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog

IDrive: IDrive for Windows Vulnerability Allows Privilege Escalation Attacks

Synology: Synology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution Attacks