University of York data breach was kept quiet for two months

Software provider Blackbaud said it paid a ransom on the assurance the criminals will delete the stolen data

The University of York has been hit by a data breach and has questioned why it took so long for its cloud service provider to notify it about the intrusion. 

Software firm Blackbaud was hit by a ransomware attack in May of this year but didn't notify the university that a subset of its data was involved until 16 July. 

The cyber criminals were able to remove data from a number of Blackbaud's clients. The software firm said it has paid the ransom demand, with confirmation that the copy of data they removed had been destroyed. It said it agreed to pay because its customers' data was its "top priority". 

"Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cyber criminal, was or will be misused; or will be disseminated or otherwise made available publicly," Blackbaud said in a statement. 

The university told IT Pro that it was not involved in the decision to pay the ransom and it decline to comment on whether or not it would have. It also said it was working with Blackbaud to understand why there was an almost two-month delay in notifying it of the breach. The university used Blackbaud's service to record engagement with members of its community, including alumni, staff and students, and extended networks and supporters. 

"We will continue to work with Blackbaud to investigate this matter, and we continue to take advice from our Data Protection Officer and IT security team," the University of York said in a statement. 

Related Resource

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

"We very much regret the inconvenience that this data breach by Blackbaud may have caused. Please be assured that we take data protection very seriously and we are grateful for our community's continued support and engagement.

"We have been informed that in order to protect customers data and mitigate potential identity theft, Blackbaud met the cyber criminal's ransomware demand. Blackbaud has advised us that it paid the ransom and received assurances from the cybercriminal that the data had been destroyed."

The university also said it had informed the Information Commissioner's Office (ICO) about the incident and is taking steps to understand how many other parties in the higher education and not-for-profit sector may have been affected. 

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021