"Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed."
Yeah, I'm sure they did.
British universities are waking up to last week's ransomware attack on cloud CRM purveyor Blackbaud – though it appears some haven't realised the American software company paid the ransom. As hack notifications started filtering through the world of student and alumni relations management software, news reports emerged this …
There's a surprising amount of money in essay writing; people who will pay £100s for an essay because they can't do it themselves could easily pay money for well graded course work to copy. Turnitin might well catch them, but that's very much not the seller's problem.
That's not what this is though; it's alumni data; just boring CRM stuff that can be used for fraud etc.
When I were a lad at Plymouth Poly, I used to leave my maths responses in a pigeon hole, ready for collection by the tutor for marking. Thing is, I was always quite early. Every fortnight a carton of 200 fags would magically appear in my digs.
I studied Civil Engineering and there is a small but fair chance that if you are a Brit, you have driven or walked over a bridge designed by an engineer who had a few snags with fourth order differential equations back in college.
Nowhere in the story does it say that the data was stored in US servers. The hacked servers are described as "self-hosted," so if the servers were administered by the universities, the onus of GPDR compliance was on them.
Which doesn't make any of this look any better for Blackbaud, of course.
Just received the email from one of my alma maters. Assurance that no payment information was taken but warning to be aware of phishing as personal details taken. Not sure if I'll be able to spot any fallout of this from all the other phishing emails that turn up... Basically, we're all vulnerable and sufficient information about most of us is out there if anyone wants it; a database like this probably gets a premium so I, too, doubt it hasn't been deleted (after all, what do the crime have to lose)...
Every time I see these stories I feel good that I stopped filling in forms and donating my personal information all over the place years ago. Cynicism should be taught in school. Lying should be taught in the years leading up to college. When I was young, I was guilty of being diligent in completely filling in a form that was handed to me on a clipboard without ever questioning why the company/school/doctor/dentist/etc needed all of that information. I've long since stopped doing that and will lie if necessary. Of course, you can't do that with the government, but as they have your info anyway, why can't they fill out the form for you and save some time? The cops have well honed BS detectors too so it's better to say nothing than to lie. Everybody else can be lied to with impunity in most cases so have at it if they're being snoopy.
"The fact that they fucked up in the first place ought to be enough for that. But the likes of Capita etc seem to suggest that incompetence and failure don't preclude continuing to gain business these days."
I wish I could give you more than one upvote for that.
Biting the hand that feeds IT © 1998–2020