University of York Investigating Data Theft Incident


The University of York has launched an investigation after it had personal details of staff and students stolen by hackers.

As outlined in a statement on the university’s website, the source of the breach was an attack on a third-party service provider, tech firm Blackbaud, which fell victim to ransomware in May 2020. The University of York was first informed of the incident on July 16.

“The cyber-criminal was able to remove a copy of a subset of data from a number of their [Blackbaud’s] clients. This included a subset of University of York data.”

The university uses the Blackbaud system to record engagement with members of the university community, including alumni, staff and students and extended networks and supporters, it outlined.

In terms of the data stolen, the University of York stated this may have included information such as name, date of birth and student number along with address, phone number, email address and professional details.

However, it said that a Blackbaud investigation found that no encrypted information, such as bank account details or passwords, was accessed, whilst no credit card information formed part of the data theft either.

“We have been informed that in order to protect customers’ data and mitigate potential identity theft, Blackbaud met the cyber-criminal’s ransomware demand. Blackbaud has advised us that it paid the ransom and received assurances from the cyber-criminal that the data had been destroyed,” the statement continued.

“There is no need for our community to take any action at this time. As a best practice, we recommend people remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.”

The university’s own investigation into the incident is ongoing and it has notified the UK’s Information Commissioner’s Office (ICO).

Commenting on the story, Jake Moore, cybersecurity specialist at ESET, said: “Every single day that an organization delays informing those affected is another day where their data is in the wrong hands and is at risk of being abused by criminals. Victims must be made aware at the earliest opportunity and organizations need to urgently understand the huge risk those affected are at.

“The ICO states they need to be informed of an attack within 72 hours and threaten organizations with hefty fines, but this still doesn’t mean they will be forced to pay. This in turn increases the possibility of such organizations being slow to react when making those affected aware of the risks, and puts people’s personal information in jeopardy.”


