USC ransomware attack removed personal data

Staff Report // September 4, 2020

A ransomware attack on a University of South Carolina outside vendor resulted in removal of personal data, which may have included demographic information, birthdates and charitable history.

Charleston-headquartered software company Blackbaud Inc. notified the university of the attack on Blackbaud’s self-hosted environment in August, according to a statement on USC’s website. The school said the attack occurred between Feb. 7 and May 20 and was discovered in May.

Blackbaud paid the hacker’s ransom demand and received confirmation that the copy of the data has been destroyed, according to the USC statement and an online statement on Blackbaud’s website, which provides details on an unspecified security incident.

Both statements said Blackbaud’s cybersecurity team worked with law enforcement and independent forensics experts to lock out the hacker once the attack was discovered. The data that was removed may have contained names, contact information, birthdates, demographic information and giving histories, according to the university statement.

A message left with Blackbaud Friday seeking additional comment was returned by a switchboard operator who provided an incident hotline number, 855-907-2099, for those affected by the data breach.

“Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment,” the Blackbaud statement said. “The cybercriminal did not access credit card information, bank account information, or social security numbers.

“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.”

In response to an email from the Columbia Regional Business Report, a Blackbaud spokesperson said the company would not comment beyond the online statement, which also said affected individuals have been notified and given additional information and resources.

USC, which is continuing to monitor the situation, said Blackbaud has identified and fixed the vulnerability that led to the incident. The university said it will notify its constituents if evidence indicates their information is exposed beyond the initial breach and advised concerned individuals to monitor their credit accounts for unusual activity.