A UK-based university is investigating the slow response to a ransomware attack that took place in May.
The University of York has confirmed that a ransomware attack by an unnamed gang took place in May. Vulnerabilities at its third-party service provider led to the data breach.
According to an announcement on the University’s website, Blackbaud, one of the world’s largest customer relationship management systems for sectors such as education, confirmed that the cybercriminals managed to extract copies of staff, alumni, and student records.
The university clarified that no sensitive information, such as banking details or login credentials, was stolen by the gang. Overall, the hackers captured basic information such as names, birth dates, addresses, contact details, reports of donations, and survey results.
A slow response
In the report, the University of York suggests that Blackbaud’s slow response and notification about the breach made the situation worse.
Speaking with Cointelegraph, Paul Edon, senior director, technical services at cybersecurity firm Tripwire, commented:
“Many universities employ third-parties to help manage and secure their systems. It is imperative that these third-parties are aligned with the university in their security objectives and are regularly audited to ensure they are meeting the service level agreements. Any misalignment or failure to meet agreed service levels can result in serious loop-holes in the overall security of the institution.”
The announcement adds that the attackers were not able to fully deploy the ransomware. Blackbaud still advised paying the undisclosed ransom amount demanded, which the university did. The third-party service provider reportedly received assurances from the cybercriminals that the data had been destroyed.
The university issued the following statement:
“We are taking steps to understand how many other parties in higher education and the wider not-for-profit sector have been affected. We are working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security.”