CSUN notified its student body in an email on Friday that a data breach occurred at Blackbaud, a third party software and cloud hosting provider for the university.
According to a statement from the software company, hackers breached Blackbaud’s network and attempted to install ransomware to lock the company out of their servers and customers’ data. The breach occurred between February and May of this year.
In the statement, Blackbaud said it paid the hackers a ransom upon receiving confirmation that the hackers deleted a copy of the data they managed to remove from Blackbaud. The company said that no credit card data was compromised and that all sensitive data, such as social security numbers or government ID numbers, was encrypted.
“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the Blackbaud statement said.
CSUN says it has no way of independently verifying that the hackers deleted the data.
CSUN is not the only university affected by the data breach. Blackbaud provides its services to a number of other campuses in the California State University system; many other universities and organizations in the U.S., Canada and the United Kingdom were also affected, according to BBC.
“The campuses take privacy and information security very seriously, and protecting personal data and information is a top priority,” CSUN said in the email. “That is why it is troubling that Blackbaud waited so long to notify the CSU and other clients about the data incident that took place two months ago.”
CSUN recommended that campus community members who are worried that their identity might be stolen should periodically obtain a credit report.