Sun Jul 26 2020
US Cloud provider has had to pay a ransom to ensure stolen data is deleted
At least seven UK universities were hit by ransomware attacks in May as part of a sustained global attack against their US based cloud provider Blackbaud.
In a report released by the BBC, some of the higher education institutions named as victims of the attack include:
Blackbaud released a statement on it’s website revealing more details of the attack and why they’d paid an undisclosed ransom to the hackers, who promised in return to delete all the data that was stolen from their systems.
Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed.
Based on the nature of the incident, our research and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.
They followed up their statement by conforming no bank details, credit card information or social security data was accessed in the attack.
The information that was taken included names, gender, contact details and, in some cases, charitable donation history.
Most of the universities have now contacted affected students and donors and the University of York has confirmed that they’d contacted the Information Commissioner’s Office (ICO) about the breach and were ‘awaiting further guidance’.
People have the right to expect that organisations will handle their personal information securely and responsibly. The University of York has reported an incident to us, and we will be making inquiries
Sun Jul 26 2020