Exploit: Third Party Data Breach
University of York: Institution of Higher Learning
Risk to Small Business: 2.227 = Severe
Last week we reported on a data breach at fundraising services provider BlackBaud, and this week we’re starting to see the fallout from that ransomware incident. Information that was breached for University of York students and alumni who have participated in fundraising events includes name, title, gender, date of birth, student number, home address, phone numbers, email addresses, LinkedIn profile details, course and educational attainment details, fundraising activities, fundraising event participation, fundraising volunteering, donations made, and professional details.
Individual Risk: 2.804 = Moderate
No financial information was reported as breached, and the personal information taken was generally publically available. Alumni will need to be especially cautious of possible spear phishing attempts made using this information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: A vendor or service provider’s cybersecurity failures could cause a data breach that not only affects another company, it also affects its customers. This is especially dangerous when that third party handles sensitive personal or financial data.