The University of York has announced that a ransomware attack suffered by its CRM provider Blackbaud resulted in a cyber criminal stealing the personal information of its alumni, staff, and students and using the data to demand ransom from the company.
The ransomware attack took place in May and despite various cyber security protocols put in place by Blackbaud, the hacker was able to remove a copy of a subset of data from the firm's self-hosted environment. The compromised data included information belonging to the University of York as the university used Blackbaud's CRM system to record engagement with members of its community, including alumni, staff, and students.
In a data security incident notification posted on its website, Blackbaud said that its cyber security team was able to prevent the hacker from blocking its IT system and fully encrypting files after the ransomware attack was detected. However, they were not able to prevent the hacker from stealing a subset of data that stored information belonging to its clients.
"Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed," the firm said.
"Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. This incident did not involve solutions in our public ..
Support the originator by clicking the read the rest link below.
