- A third-party cloud service provider Blackbaud was hacked in May but only disclosed the breach on July 23.
- It manages the IT services for the University of York, University of London, Oxford college and other educational institutions.
- Blackbaud claims it was able to get the hackers out of its system but only after “a subset of data” was copied off the servers, which is why they had to pay the ransom.
One of the world’s leading non-profit software companies was the target of a
ransomware attack. A fact they only revealed in July even though the attack was originally detected in May by the company.
The hack has reportedly affected universities, non-profit organisations, and foundations. Blackbaud claims that once it spotted the cybercriminals, the company’s IT experts were able to expel the hackers from the system.
Blackbaud pays the ransomware
Before the hackers got locked out, the attackers were able to remove “a copy of a subset of data”.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More The group behind the attack then asked for compensation with the threat of releasing the data to the public. “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” said Blackbaud in a
statement.
The payment was made to ensure that the data will not be circulated, misused, or otherwise be made publicly available, according to the company. The company asserts that no credit card, bank account, or social security information was stolen by the hackers.
List of universities that have confirmed being a target of the attack:
- University of York
- Oxford Brookes University
- Loughborough University
- University of Leeds
- University of London
- University of Reading
- University College (Oxford)
- Ambrose University (Canada)
- Rhode Island School of Design (US)
- University of Exeter
There has been a 20% jump in
ransomware attacks globally, second only to Internet-of-Things malware as per SonicWall’s
Cyber Threat Report 2020. The attack on Blackbaud is inline with more operators increasing their focus on ‘soft targets’ like education, hospitals and public administration agencies.
The two-month wait
The bigger issue to be addressed is that the General Data Protection Regulation (GDPR) has asserted that companies must report data breaches to authorities within 72 hours of discovery — or face the consequences in the forms of fines.
The
BBC reports that the UK's Information Commissioner's Office (ICO), as well as the Canadian data authorities, were only informed about the breach last weekend, which is much later than when Blackbaud originally uncovered the threat.
SEE ALSO:
82% of companies in India were hit by ransomware — they paid ₹8 crore on average to save themselves
The Cognizant Maze ransomware saga will show its full impact for many months to come
Ransomware attack puts Priyanka Chopra, Lady Gaga, Madonna and other celebrities’ data at risk — and REvil hackers are known to follow through on their threats
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Vodafone Idea FPO allotment – How to check allotment, GMP and more
India fourth largest military spender globally in 2023: SIPRI report
New study forecasts high chance of record-breaking heat and humidity in India in the coming months
Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
Strong domestic demand supporting India's growth: Morgan Stanley
Global NCAP accords low safety rating to Bolero Neo, Amaze
