University of York Investigating Data Theft Incident

The University of York has launched an investigation after it had personal details of staff and students stolen by hackers.

As outlined in a statement on the university’s website, the source of the breach was an attack on a third-party service provider, tech firm Blackbaud, which fell victim to ransomware in May 2020. The University of York was first informed of the incident on July 16.

“The cyber-criminal was able to remove a copy of a subset of data from a number of their [Blackbaud’s] clients. This included a subset of University of York data.”

The university uses the Blackbaud system to record engagement with members of the university community, including alumni, staff and students and extended networks and supporters, it outlined.

In terms of the data stolen, the University of York stated this may have included information such as name, date of birth and student number along with address, phone number, email address and professional details.

However, it said that a Backbaud investigation found that no encrypted information, such as bank account details or passwords were accessed, whilst no credit card information formed part of the data theft either.

“We have been informed that in order to protect customers’ data and mitigate potential identity theft, Blackbaud met the cyber-criminal’s ransomware demand. Blackbaud has advised us that it paid the ransom and received assurances from the cyber-criminal that the data had been destroyed,” the statement continued.

“There is no need for our community to take any action at this time. As a best practice, we r ..

Support the originator by clicking the read the rest link below.