Accellion data security breach latest to hit universities Inside Higher Ed included academic transcripts, medical records, research grants and employment contracts. The Clop website is known to publish samples of stolen data and then demand a ransom not to publish the rest of the information. So far, no institution has said it was affected by a ransomware attack, although institutions have reported differing experiences. The University of Maryland, Baltimore, received no ransom note, and no software was placed on its system, according to a spokesperson. The University of California system warned that threatening mass emails have circulated, however. A vulnerability in Accellion’s file transfer software was first exploited by cybercriminals in December 2020 and then again in January 2021, a recent report commissioned by Accellion from cybersecurity forensics company FireEye found.