Data Security Breach

April 2, 2021
Dear Colleagues,
This week, the University of Maryland, Baltimore (UMB) Center for Information Technology Services (CITS) became aware that data was stolen from our Accellion secure file transfer system in December 2020. The evidence we have indicates that a very limited number of individuals had their personally identifiable information exposed by the cyber criminals on an illegal website.
Our first priority is to protect the data of our employees and students. Upon learning of this attack, we identified and notified the individuals known to be affected by this criminal activity and are providing them with free credit monitoring and identity restoration services. All appropriate federal and state authorities have been contacted, and CITS will assist them in their investigations in any way we can. We also continue to rigorously monitor for any signs that additional individuals were affected.
It is important to note that every appropriate security measure was taken prior to this attack, including rigorous monitoring and the installation of all patches and software upgrades provided by Accellion. At the end of January 2021, even before learning that data was stolen in December, CITS executed an existing plan to replace the existing appliance with another secure file transfer solution.
UMB is not alone in this attack. Over 300 other Accellion customers have been impacted, including Fortune 500 companies, compliance and security firms, and higher education institutions such as Stanford University, the University of Miami (Fla.), the University of Colorado, and Harvard Business School.
Being in such company is not a source of comfort, but it is a reminder to us that even with all of the security protections in place, this type of criminal activity can occur. We must and we will remain vigilant in our efforts to ensure the security of the critical and private information of our community and those we serve.
Peter J. Murray, PhD
Chief Information Officer and Vice President
For general information about security breaches and steps you can take to protect your identity, call 410-576-6550 or visit the website of the Maryland Office of the Attorney General at
To Contact Major Consumer Credit Bureau Agencies:
Equifax. 800-685-1111.
Experian. 888-EXPERIAN (888-397-3742)
Transunion. 888-909-8872.
The FTC has a toll-free number, 1-877-IDTHEFT ( 877-438-4338) where consumers who have been victims of identity theft can report the crime and get advice from telephone counselors trained to provide assistance to ID theft victims.

Users can access the SecureXfer service from the following website

The SecureXfer service provides a secure way to send large files to recipients both inside and outside the University. Rather than using an email account to transfer or receive very large attachments, individuals can use SecureXfer to transfer these files.  Users upload files to the SecureXfer service and then send out messages to individuals with a link to the file or files stored in SecureXfer. 

SecureXfer is available for use by University faculty, staff, students, and affiliates with active myUM Directory Accounts.

Frequently Asked Questions

Who can use SecureXfer?

For full access to SecureXfer, you must have an active myUM Directory account. Your username is your UMID and your password is your UMID password. If you need to set up or change your UMID password, go here.   

If you do not know the status of your UMID account or need assistance logging in with your UMID and password, please email the HelpDesk.

Individuals who are not part of UMB can be invited to use the SecureXfer system to send files to SecureXfer users at the University.

How do I invite users outside of the University to use SecureXfer?

If someone who is not a UMB employee, student, or affiliate needs to send a large file to someone who is part of UMB, they can be invited to use the SecureXfer service to send you the file. 

These invited users have limited access to SecureXfer; they can only send files to individuals at the University. 

If a UMB employee, student, or affiliate would like to receive a large file from a non-UMB user outside of the University, they can simply send an email to the non-UMB user from the SecureXfer web page. This will allow the non-UMB user to create an account to send files to internal UMB employees, students, and affiliates. 

If a UMB employee, student, or affiliate is sending a large file to non-UMB users outside of the University, sending a separate invitation is not required.

How do I access SecureXfer?

Users can access SecureXfer from the following website.

What is my login and password for SecureXfer?

University of Maryland employees, students, and affiliates use their UMID and password to log into the SecureXfer service. If you need to set up or change your UMID password, go to the myUM Account Management Site

If you need assistance logging in with your UMID and password, please email the IT Help Desk

Users who are not part of the University of Maryland campus, but received an email to use SecureXfer, can use their email address as the username and the password they set up when they received an email to use SecureXfer.

How do I reset my SecureXfer Password?

UMB employees, students, and affiliates can reset their UMID and password from the myUM Account Management Site. 

All other users who are not UMB employees, students, or affiliates should use the “Forgot Password” feature found on the SecureXfer login page.

How do I change the email address listed in SecureXfer?

UMB employees, students, and affiliates should contact the IT Help Desk to update the email address associated with their SecureXfer Account.

How big of a file can be sent using SecureXfer?

When using the SecureXfer service, the maximum storage limit per user is 10GB. The maximum file size limit is therefore 10GB.

How long will files be stored on SecureXfer?

The SecureXfer service is NOT for permanent file storage and will only store files for up to 14 days. Files not retrieved within 14 days will automatically be deleted from the system.