York University confirmed that a ransomware attack by an unidentified group took place in May. Vulnerabilities in their external service provider led to the data breach.
According to an announcement on the University’s website, Blackbaud, one of the world’s largest customer relationship management systems for sectors such as education, confirmed that cybercriminals managed to extract copies of staff, student and pupil records.
The university clarified that the gang did not steal any confidential information, such as bank details or login credentials. In general, the hackers captured basic information such as names, dates of birth, addresses, contact details, donation reports and survey results.
The University of California pays a million-dollar data ransom in crypto currency
A slow response
In the report, York University suggests that Blackbaud’s slow response and reporting of the rape made the situation worse.
Speaking to Cointelegraph, Paul Edon, senior director of technical services at cyber security firm Tripwire, said:
„Many universities employ third parties to help manage and secure their systems. It is imperative that these third parties are aligned with the university in their security objectives and are regularly audited to ensure that they comply with service level agreements. Any misalignment or failure to meet agreed service levels can result in serious gaps in the institution’s overall security.
Spain: Universidad Nebrija offers to apply blockchain in the certification of its graduates
The announcement adds that the attackers could not implement 100% of the ransomware. Bitcoin Formula still advised paying the undisclosed ransom amount required, which the university did. The third-party service provider reportedly received assurances from cybercriminals that the data had been destroyed.
The university issued the following statement:
„We are taking steps to understand how many other parties in the higher education and non-profit sectors have been affected. We are working with Blackbaud to understand why there was a delay between them in finding the breach and notifying us, as well as what actions they have taken to increase their security.
University of San Andrés, Argentine Chamber of Fintech and ARCAP present second edition of Fintech Program
Recently, the University of California at San Francisco School of Medicine paid a $1.14 million ransom in Bitcoin (BTC) to the NetWalker gang after a ransomware attack on June 1.