The University of York has confirmed that a ransomware attack from an unnamed gang took place in May, as vulnerabilities from their third-party service provider led to the data breach.
It has been reported in an announcement the University’s website that Blackbaud, one of the world’s largest customer relationship management systems for sectors such as the education, confirmed that the cybercriminals managed to extract copies of staff, alumni, and student records.
However, the university clarified that no sensitive information, such as banking details or login credentials, was stolen by the gang. Overall, the hackers captured basic info like names, date birth dates, addresses, contact details, reports of donations, and survey results.
The UK-based university says Blackbaud responded slowly to ransomware that stole data from staff & students https://t.co/oynq9GSx0K — Cointelegraph (@Cointelegraph) July 22, 2020
In the report, the university suggests that Blackbaud’s slow response and notification about the breach made the situation worse.
Paul Edon, the Senior Director of Technical Services at cybersecurity firm Tripwire, commented:
“Many universities employ third-parties to help manage and secure their systems. It is imperative that these third-parties are aligned with the university in their security objectives and are regularly audited to ensure they are meeting the service level agreements. Any misalignment or failure to meet agreed service levels can result in serious loop-holes in the overall security of the institution.”
Likewise, the announcement adds that the attackers were not able to 100% deploy the ransomware.
Blackbaud still advised paying for the undisclosed ransom amount demanded, which is something that was done by the university. The third-party service provider reportedly received assurances from the cybercriminals that the data had been destroyed.
Thus, the university stated:
“We are taking steps to understand how many other parties in higher education and the wider not-for-profit sector have been affected. We are working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security.”
Source: Cointelegraph | Image: CybersecAsia