UC Regents Settles $5.8 Million Class Action Over 2020-2021 Data Breach The University of California (UC) Regents has finalized a $5.8 million settlement in Erazo v. The Regents of the University of California, resolving a class action lawsuit stemming from a 2020-2021 data breach. The incident, which exposed sensitive information of over 350,000 UC students and employees, occurred between mid-December 2020 and January 2021 due to a compromised file transfer application licensed by Accellion, Inc. The breach allegedly exposed data from the 2020 UC Undergraduate Experience Survey and medical records. While the UC Regents denied wrongdoing as part of the settlement, they agreed to distribute payments to affected individuals, cover litigation costs, and implement enhanced cybersecurity measures for at least two years. These measures include retiring the vulnerable Accellion FTA system, migrating to a secure file transfer product, increasing system monitoring, and providing security training for relevant employees. Payments to the 353,265-member settlement class have begun, with eligible claimants notified via email. The settlement fund will also cover administrative expenses and attorneys' fees. The case was settled on May 29, 2025.

The California Office of the Attorney General reported a data breach at the University of California on May 13, 2021. The breach occurred on December 24, 2020, when an unauthorized third party accessed files containing personal information of UC community members, including Social Security numbers and financial information. Approximately 100 organizations were similarly attacked, but the number of affected individuals specific to UC is unknown.