Yeshiva University suffered a data breach due to unauthorized access via a vulnerability in the Accellion File Transfer Appliance, exploited between December 21–23, 2020. The incident impacted 3,380 individuals, including 7 residents, exposing their personal information. The breach was detected on April 6, 2021, nearly four months after the initial compromise. In response, the university offered one year of credit monitoring and identity theft protection services through Experian to affected individuals. The breach stemmed from a third-party software vulnerability, highlighting risks associated with legacy systems. While the exact type of compromised data (e.g., financial, medical, or personally identifiable information) was not explicitly detailed in the report, the scale and mitigative measures (credit monitoring) suggest exposure of sensitive personal data. The delayed discovery further exacerbated potential risks, as attackers had prolonged access to the system. The incident underscores the critical need for timely patch management and proactive monitoring of third-party vendor vulnerabilities to prevent large-scale data exposure.
TPRM report: https://www.rankiteo.com/company/yeshiva-university-shevet-glaubach-center
"id": "yes1054090725",
"linkid": "yeshiva-university-shevet-glaubach-center",
"type": "Breach",
"date": "12/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 3380,
'industry': 'Higher Education',
'location': 'New York, USA',
'name': 'Yeshiva University',
'type': 'Educational Institution'}],
'attack_vector': 'Exploitation of vulnerability in third-party software '
'(Accellion File Transfer Appliance)',
'customer_advisories': 'Credit monitoring and identity theft protection '
'services offered to affected individuals',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 3380,
'personally_identifiable_information': True},
'date_detected': '2021-04-06',
'description': 'The Maine Office of the Attorney General reported that '
'Yeshiva University experienced a data breach due to '
'unauthorized access via a vulnerability in the Accellion File '
'Transfer Appliance, which occurred between December 21 and '
'December 23, 2020, affecting 7 residents and a total of 3,380 '
'individuals. The breach was discovered on April 6, 2021, and '
'Yeshiva offered one year of credit monitoring and identity '
'theft protection services from Experian to the affected '
'individuals.',
'impact': {'brand_reputation_impact': 'Potential negative impact (credit '
'monitoring offered)',
'data_compromised': True,
'identity_theft_risk': True,
'systems_affected': ['Accellion File Transfer Appliance']},
'initial_access_broker': {'entry_point': 'Accellion File Transfer Appliance '
'vulnerability'},
'investigation_status': 'Discovered; remediation (credit monitoring) offered',
'post_incident_analysis': {'root_causes': 'Vulnerability in third-party '
'Accellion File Transfer Appliance'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'incident_response_plan_activated': True,
'remediation_measures': ['Offered one year of credit monitoring '
'and identity theft protection '
'(Experian)']},
'title': 'Yeshiva University Data Breach via Accellion File Transfer '
'Appliance Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'Accellion File Transfer Appliance vulnerability'}