California State University – Northridge (CSUN) is a victim of a data breach which took place between February and May this year. A cyber attack on their software provider, Blackbaud, has resulted in the theft of customer data from the university.
Blackbaud provides cloud hosting and customer management solutions (CMS) for CSUN and is based in Charleston, S.C.,. The company’s spokesperson said in a statement that while the hackers did not successfully install ransomware or encrypt files, they were able to steal a subset of data from the company’s self-hosted environment where clients save files. Blackbaud did not reveal the exact nature of the stolen data, but said it did not include credit card information, bank account information, or Social Security numbers. It paid a ransom demand so the hackers would delete the stolen data.
On Friday July 31, 2020, CSUN issued a letter to staff and students notifying them of the school’s involvement in the hack. It should be noted that there is no way CSUN or Blackbaud could know if the data actually has been deleted by the hackers.
Dozens of other higher education institutions in the UK and nonprofits across the world are also victims of the data hack.
All companies can reduce the risk of these types of attacks by taking the following precautions:
- Audit your trusted suppliers’ data security policies and procedures.
- Make sure that your Information Security Policy requires all computers and servers (including cloud environments) that store or process confidential and sensitive data are configured to a known security benchmark published by the Center for Internet Security (CIS).
MAP CYBERSECURE can help you set up a cyber security strategy to reduce the risk of your firm’s data being hacked. And if your firm is a victim of a cyber attack, MAP CYBERSECURE can help manage your firm’s recovery and set up systems to reduce the risk of future attacks. Please contact Kevin Holmes firstname.lastname@example.org at 818-290-5858 or Dave Watts email@example.com at 323-606-7608 for additional information.