{
	"id": "292f9fed-e21d-4f2d-bf94-a1d8168b8810",
	"created_at": "2026-04-06T00:16:37.839042Z",
	"updated_at": "2026-04-10T03:21:06.067895Z",
	"deleted_at": null,
	"sha1_hash": "86f48ebd59f0f91fd7135e7aa71435c716061bba",
	"title": "Ransomware gang leaks data stolen from Colorado, Miami universities",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2343064,
	"plain_text": "Ransomware gang leaks data stolen from Colorado, Miami universities\r\nBy Lawrence Abrams\r\nPublished: 2021-03-23 · Archived: 2026-04-05 14:31:10 UTC\r\nGrades and social security numbers for students at the University of Colorado and University of Miami patient data have\r\nbeen posted online by the Clop ransomware group.\r\nStarting in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and\r\nstealing the data stored on them. Companies use these servers to share sensitive files and information with people outside of\r\ntheir organization.\r\nThe ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the\r\nstolen data.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nRansom note sent to Clop victims\r\nSince February, the Clop ransomware operation has been publishing files stolen using vulnerabilities in Accellion FTA file-sharing servers.\r\nClop is now publishing student, university data\r\nThis week, the Clop ransomware gang started publishing screenshots of files stolen from Accellion FTA servers used by the\r\nUniversity of Miami and Colorado.\r\nIn February, the University of Colorado (CU) disclosed that they suffered a cyberattack where threat actors stole data via the\r\nAccellion FTA vulnerability.\r\n\"While the full scope has not yet been determined, early information from the forensic investigation confirms that the\r\nvulnerability was exploited and multiple data types may have been accessed, including CU Boulder and CU Denver student\r\npersonally identifiable information, prospective student personally identifiable information, employee personally identifiable\r\ninformation, limited health and clinical data, and study and research data,\" CU's data breach notification stated.\r\nThe Clop ransomware has begun to post screenshots of the stolen data, including university financial documents, student\r\ngrades, academic records, enrollment information, and student biographical information.\r\nWhile the University of Miami did not disclose a data breach, they did use a secure file sharing service called 'SecureSend'\r\nthat has since been shut down.\r\n\"Please be advised that the secure email application SecureSend (secure.send.miami.edu) is currently unavailable, and data\r\nshared using SecureSend is not accessible,\" reads the University's SecureSend page.\r\nFrom URLs found by BleepingComputer, this SecureSend service was also powered by an Accellion FTA server.\r\nWhile the University of Miami never disclosed a security incident, the Clop ransomware operation also published\r\nscreenshots of patient data.\r\nThis data includes medical records, demographic reports, and a spreadsheet with email addresses and phone numbers.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nPage 3 of 5\n\nMedical records leaked by Clop\r\nThe data allegedly stolen from the University of Miami appears to belong to patients of the University's health system.\r\nThe University of Miami shared the following statement, which can be read in full below.\r\n\"The University of Miami is currently investigating a data security incident involving Accellion, a third-party\r\nprovider of hosted file transfer services. We take data security seriously and data protection is a top priority. As\r\nsoon as we became aware of the incident, we took immediate action to investigate and contain it. We also retained\r\nleading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement\r\nand are cooperating with their investigation. Based on our investigation to date, the incident was limited to the\r\nAccellion server used for secure file transfers and did not compromise other University of Miami systems or\r\naffect outside systems linked to the University of Miami’s network.\"\r\n\"While we believe based on our investigation to date that the incident is limited to the Accellion server used for\r\nsecure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from\r\ncyber threats. We continue to serve our University community consistent with our commitment to education,\r\nresearch, innovation, and service.\" - University of Miami.\r\nAt this time, the ransomware gang has only released a few screenshots for each University but will likely release more files\r\nin the future to pressure the victims to pay.\r\nOther Accellion FTA victims extorted by Clop include the supermarket giant Kroger, the Reserve Bank of New Zealand,\r\nthe Australian Securities and Investments Commission (ASIC), Singtel, QIMR Berghofer Medical Research Institute, and\r\nthe Office of the Washington State Auditor (\"SAO\")., and the energy company Shell, \r\nUpdate 3/23/21 08:24 PM EST: Added statement from University of Miami.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-colorado-miami-universities/"
	],
	"report_names": [
		"ransomware-gang-leaks-data-stolen-from-colorado-miami-universities"
	],
	"threat_actors": [],
	"ts_created_at": 1775434597,
	"ts_updated_at": 1775791266,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/86f48ebd59f0f91fd7135e7aa71435c716061bba.pdf",
		"text": "https://archive.orkl.eu/86f48ebd59f0f91fd7135e7aa71435c716061bba.txt",
		"img": "https://archive.orkl.eu/86f48ebd59f0f91fd7135e7aa71435c716061bba.jpg"
	}
}