Security News > 2020 > July > Brit unis hit in Blackbaud hack inform students that their data was nicked, which has gone as well as you might expect
Uncommonly well-informed people knew all about it by reading The Register's report of the Blackbaud ransom payment last week, but mere Muggles only heard of it when universities began informing students, staff and alumni that their personal data had been nicked.
The University of York told its students and alumni on Wednesday that names, dates of birth, student numbers, addresses, phone and email addresses, fundraising details, details of occupation and employer details were among the data stolen, according to student news site York Mix.
Leeds University alumnus Chloe Roche told the Yorkshire Post that her former institution had passed on the news that Blackbaud paid off the ransomware criminals in exchange for a promise that the crims would delete the stolen data.
She said: "We have been notified that Blackbaud have paid a ransom for the hackers to destroy our private information, but I find that really disconcerting too. Ultimately, we've no way of knowing what has actually been done with our data and the idea that a company is being blackmailed for it makes me feel really uneasy. The potential for it to be sold or passed on also worries me so it's very stressful."
Supply chain attacks, where middlemen and processors of important data become targets rather than companies or institutions themselves, are lower-profile targets than they otherwise might be.