A UK-based university is investigating the slow response to a ransomware attack that took place in May.
The University of York has confirmed that a ransomware attack from an unnamed gang took place in May. Vulnerabilities from their third-party service provider led to the data breach.
According to an announcement via the University’s website, Blackbaud, one of the world’s largest customer relationship management systems for sectors such as the education, confirmed that the cybercriminals managed to extract copies of staff, alumni, and student records.
The university clarified that no sensitive information, such as banking details or login credentials, were stolen by the gang. Overall, the hackers captured basic info like names, date birth dates, addresses, contact details, reports of donations, and survey results.
A slow response
In the report, the University of York suggests that Blackbaud’s slow response and notification about the breach made the situation worse.
Speaking with Cointelegraph, Paul Edon, senior director, technical services at cybersecurity firm Tripwire, commented:
“Many universities employ third-parties to help manage and secure their systems. It is imperative that these third-parties are aligned with the university in their security objectives and are regularly audited to ensure they are meeting the service level agreements. Any misalignment or failure to meet agreed service levels can result in serious loop-holes in the overall security of the institution.”
The announcement adds that the attackers were not able to 100% deploy the ransomware. Blackbaud still advised paying for the undisclosed ransom amount demanded, which is something that was done by the university. The third-party service provider reportedly received assurances from the cybercriminals that the data had been destroyed.
The university issued the following statement:
“We are taking steps to understand how many other parties in higher education and the wider not-for-profit sector have been affected. We are working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security.”
Recently, the University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in Bitcoin (BTC) to the NetWalker gang following a ransomware attack on June 1.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.