Dear Colleagues:
Wednesday afternoon, many employees received an email with the subject line “A new version of Burst report is available” along with an attached document. The attachment contained a list of current and former employees from the same UCLA department as the employees who received the email. In addition to employee names, the attachment also listed those employees’ employee ID numbers, job HR status, position number and department ID. Many people were concerned that this event might have been an attack on our systems. We can assure you that this was not a cyberattack but the result of a mistake during the testing of a new report distribution.
The Information Security team worked with internal teams to contain the incident and stop the messages from being distributed. Last night we used an automated process to recall the messages that were sent, although some still remain. If you have copies of this email in your account, or saved elsewhere, please delete those emails or copies.
We are continuing to work to understand exactly how this happened and will take appropriate steps to prevent this type of event from occurring in the future. We apologize for this incident and any concerns this may have caused. Based upon our assessment, you do not need to take any actions as the data does not pose a risk to your personal or financial accounts.
Sincerely,
Lucy Avetisyan
Associate Vice Chancellor
Chief Information Officer
Information Technology Services
