The recent successful hack of UC Berkeley, and the subsequent leak of personal identifying information, is a major security breach of deep concern - particularly as it could have been prevented.
UC Berkeley was hacked via flaws in a 20-year-old legacy File Transfer Appliance sold by technology firm Accellion. Accellion has since been accused of failing to “safeguard and protect the sensitive information” of users in a class action lawsuit. The installation of simple hardware - such as Q-Net Security’s Q-Box - would have prevented attackers from exploiting flaws in the Accellion system and stealing UC Berkeley data.
The stolen personally identifiable information, including UC Berkeley’s student and employee names, social security numbers, phone numbers and addresses, have been leaked online. Some of the data is freely available to anyone, whilst some is being held by the cybercriminal gang and sold to the highest bidder.
It’s not only UC Berkley who have been impacted by the Accellion breach. The reported victims - all users of Accellion’s File Transfer Appliance - include about half a dozen universities including Harvard Business School, grocery chain Kroger, the Reserve Bank of New Zealand, global law firm Jones Day (known for representing former-President Trump during his effort to overturn the 2020 election), cybersecurity company Qualys, and the state of Washington. The latter have initiated a class action lawsuit against Accellion.
“When even cybersecurity companies can fall victim to cyberattacks, we know there must be a major problem with the traditional method of cybersecurity via software” says Dr. Ron Indeck, founder of Q-Net Security.
All security software, by its nature, can be re-written; as such, all software-based cybersecurity solutions are vulnerable to hackers. But a new class of simple, cost-effective solutions on the market – known as hardware-based solutions – could have protected sensitive data and prevented the Accellion hack from ever happening.
The addition of hardware-based security systems - such as Q-Net Security’s Q-Box - could have secured Accellion’s legacy system without patches or updates - securing the personal data of millions of users. Until hardware-based security is implemented, all companies must ask themself if they, too, are at risk of future cyberattacks.