Threat Watch

Blackbaud, Cal State University Northridge Hit With Ransomware

Threat actors carried out an attack against Cal State University Northridge by way of ransomware. The ransomware was discovered on the network of Blackbaud, a third-party software and hosting provider company used by the University. Blackbaud discovered and stopped the ransom attack sometime in May, but the attack is believed to have started as early as February. While it is unknown what type of data was accessed, Blackbaud paid for assurance that the data had been deleted by the hacker. Cal State Northridge says they can’t confirm if the data was actually destroyed. Blackbaud officials stated that the information accessed by the criminals did not include credit card information, bank account information or Social Security numbers. Until further information is released, students were requested to keep a close eye on any accounts that could be associated with the school.

ANALYST NOTES

Third-party service providers, including hosting providers and Managed Services Providers (MSPs) are often attacked because their systems provide access to data from multiple clients and, as a result, the attacker has more leverage to demand a ransom payment. Depending on the scale of the breach and what data was compromised, the university or third-party may offer free credit monitoring services. If this ends up being the case, anyone who was affected should take advantage of the offer but realize the limitations of credit monitoring – it can only identify fraud after it has happened. If suspicious financial account activity is detected, it should be reported as soon as possible. As a precautionary measure, placing a credit freeze with the major credit bureaus can reduce the likelihood of criminals opening up new financial accounts using students’ identity information.

Sources: https://abc7.com/csun-cyberattack-cal-state-northridge-hack-hackers-data-stolen/6349329/

CSUN announces data breach at third-party software provider Blackbaud

Cal State Northridge officials announce cyberattack