Incident: Blackbaud Ransomware Attack on Universities' Data.

Published Date: 2020-07-23

Postmortem Analysis
Timeline
1. The software failure incident involving the Blackbaud hack targeting universities and organizations happened in May 2020, as mentioned in the article [102531].

System
1. Blackbaud's cloud computing provider systems were hacked [102531].

Responsible Organization
1. Hackers targeted Blackbaud, the cloud computing provider, causing the software failure incident [102531].

Impacted Organization
1. University of York [102531]
2. Oxford Brookes University [102531]
3. Loughborough University [102531]
4. University of Leeds [102531]
5. University of London [102531]
6. University of Reading [102531]
7. University College, Oxford [102531]
8. Ambrose University in Alberta, Canada [102531]
9. Human Rights Watch [102531]
10. Young Minds [102531]
11. Rhode Island School of Design in the US [102531]
12. University of Exeter [102531]

Software Causes
1. Ransomware attack on Blackbaud's systems [102531]
2. Hackers targeting a cloud computing provider (Blackbaud) [102531]
3. Blackbaud paying the hackers an undisclosed ransom [102531]

Non-software Causes
1. Lack of timely disclosure by Blackbaud about the hack: the company did not disclose the incident externally until July, even though the hack occurred in May [102531].
2. Payment of an undisclosed ransom by Blackbaud to the hackers [102531].
3. Insufficient reassurance provided by Blackbaud to the affected institutions and individuals regarding the potential misuse of the stolen data [102531].
4. Concerns raised about the effectiveness of Blackbaud's response to the hack, including doubts about whether all of the stolen data had been destroyed [102531].
5. Delay in reporting the breach to data authorities such as the UK's Information Commissioner's Office and the Canadian data authorities, which were informed weeks after Blackbaud discovered the hack [102531].

Impacts
1. Data of students and/or alumni from at least 10 universities in the UK, US, and Canada, as well as of organizations such as Human Rights Watch and Young Minds, was stolen by hackers [102531].
2. The stolen data included information such as phone numbers, donation history, and events attended; credit card and payment details do not appear to have been exposed [102531].
3. The affected institutions, including universities and organizations, are sending letters and emails apologizing to those whose data was compromised [102531].
4. Blackbaud, the cloud computing provider that was hacked, paid an undisclosed ransom to the hackers [102531].
5. The incident raised concerns about the potential misuse of the stolen data, with experts questioning the reassurances provided by Blackbaud regarding the security of the data [102531].
6. The breach was reported to data authorities, including the UK's Information Commissioner's Office (ICO) and the Canadian data authorities, as required by the General Data Protection Regulation (GDPR) [102531].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and intrusion detection systems could have helped prevent the hack on Blackbaud's systems [102531].
2. Ensuring timely disclosure of security breaches to the relevant authorities and affected parties, as required by the GDPR, could have helped mitigate the impact of the incident [102531].
3. Refusing to pay ransom demands, as advised by law enforcement agencies such as the FBI, NCA, and Europol, could have prevented the situation from escalating further [102531].

Fixes
1. Enhancing cybersecurity measures within the affected institutions and cloud computing providers to prevent future hacks [102531].
2. Implementing stricter data protection protocols and encryption methods to safeguard sensitive information [102531].
3. Conducting regular security audits and vulnerability assessments to identify and address potential weaknesses in software systems [102531].
4. Improving incident response and communication strategies to ensure timely and transparent disclosure of breaches to the relevant authorities and individuals [102531].

References
1. Blackbaud company statement
2. Universities affected by the hack
3. Human Rights Watch
4. Young Minds
5. Cyber-security specialist Rhys Morgan
6. Barrister blogger Matthew Scott
7. Law enforcement agencies including the FBI, NCA, and Europol
8. UK's Information Commissioner's Office (ICO)
9. Canadian data authorities

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: Blackbaud, the cloud computing provider targeted in the hack, experienced a ransomware attack in May in which hackers stole data from its systems [102531]. (b) The software failure incident having happened again at multiple_organization: multiple universities in the UK, US, and Canada, including University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada, Rhode Island School of Design in the US, and University of Exeter, were affected by the hack targeting Blackbaud [102531].
Phase (Design/Operation) | design, operation | (a) The software failure incident in the Blackbaud hack can be attributed to the design phase. The incident occurred due to a ransomware attack on the systems of Blackbaud, a cloud computing provider that offers education administration, fundraising, and financial management software [102531]. The hackers targeted Blackbaud's systems, indicating a vulnerability in the design or security measures of the software. Additionally, the delayed disclosure of the hack by Blackbaud and the decision to pay the hackers an undisclosed ransom suggest weaknesses in the system's design or security protocols. (b) The software failure incident can also be linked to the operation phase. The incident involved data being stolen from at least 10 universities, Human Rights Watch, and Young Minds after hackers attacked Blackbaud's systems [102531]. This indicates that the operation of the system, including how data was stored and accessed, played a role in the breach. The fact that the hackers were able to remove a copy of data from Blackbaud's environment before being locked out suggests operational vulnerabilities that allowed unauthorized access to sensitive information.
Boundary (Internal/External) | within_system | (a) within_system: The software failure incident involving the Blackbaud hack was primarily due to contributing factors that originated from within the system. The hack targeted Blackbaud's systems, which are used for education administration, fundraising, and financial management software [102531]. The ransomware attack resulted in data being stolen from at least 10 universities and organizations, including student and alumni information, donation history, and events attended. Blackbaud discovered and stopped the ransomware attack in May but did not disclose it externally until July, and the company paid the hackers an undisclosed ransom [102531]. The incident involved a breach of data within the Blackbaud system, highlighting a failure originating from within the software system itself.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was primarily due to non-human actions, specifically a ransomware attack on the systems of the cloud computing provider Blackbaud. The hackers targeted Blackbaud's systems and managed to steal a subset of data from its self-hosted environment [102531]. (b) However, human actions also played a role in this incident, as Blackbaud decided to pay the hackers an undisclosed ransom to prevent the stolen data from being misused. This decision to pay the ransom goes against the advice of law enforcement agencies such as the FBI, NCA, and Europol [102531].
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident in this case occurred due to contributing factors that originate in hardware. The incident involved a hack targeting Blackbaud, a cloud computing provider, in which hackers attacked the company's systems. The hack resulted in data being stolen from at least 10 universities in the UK, US, and Canada, as well as from organizations such as Human Rights Watch and Young Minds. Blackbaud discovered and stopped a ransomware attack on its self-hosted environment, during which the cyber-criminal removed a copy of a subset of data [102531]. (b) The software failure incident also had contributing factors originating in software. Blackbaud, the software provider, faced criticism for not disclosing the hack externally until July, despite the attack occurring in May. Additionally, Blackbaud paid the hackers an undisclosed ransom, which is against the advice of law enforcement agencies such as the FBI, NCA, and Europol. The incident highlighted concerns about data security and privacy, especially under the General Data Protection Regulation (GDPR) [102531].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident in this case is malicious. Hackers attacked the cloud computing provider Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software, with the intent to steal data. The hackers demanded and received an undisclosed ransom from Blackbaud after removing a copy of a subset of data from its systems [102531].
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident related to the Blackbaud hack can be attributed to poor decisions made by the company. Blackbaud paid the hackers an undisclosed ransom after its systems were hacked, and the company was also criticized for not disclosing the incident externally until July [102531].
Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident related to development incompetence is evident in the Blackbaud hack. Blackbaud, a major provider of education administration software, was hacked in May but did not disclose the breach externally until July [102531]. This delay in disclosure can be seen as a lack of professional competence in handling the security incident promptly and transparently. (b) The software failure incident related to accidental factors is seen in the ransomware attack on Blackbaud's systems. The company stated that the cyber-criminal removed a copy of a subset of data from its environment before being locked out, indicating an accidental exposure of data due to the attack [102531].
Duration | temporary | The software failure incident reported in Article 102531 was temporary. The incident involved a ransomware attack on the systems of Blackbaud, a cloud computing provider, which resulted in data being stolen from at least 10 universities and other organizations. The hack occurred in May, but Blackbaud did not disclose it externally until July. The company paid the hackers a ransom and claimed that the cyber-criminals removed a copy of a subset of data from its environment before being locked out. Blackbaud also stated that it had received confirmation that the stolen data had been destroyed. The incident was temporary in nature because it involved a specific breach that was addressed and contained within a certain timeframe, rather than a permanent failure [102531].
Behaviour | crash, omission, timing, other | (a) crash: The software failure incident in this case can be categorized as a crash. The incident involved a ransomware attack on Blackbaud's systems, resulting in the loss of data about students, alumni, and other individuals from various institutions. The attack led to a situation in which the system lost its state and was unable to perform its intended functions, leading to data theft and compromise [102531]. (b) omission: The software failure incident can also be categorized as an omission. Blackbaud was criticized for not disclosing the hack externally until July, despite the attack occurring in May. This omission to inform the affected parties and the public about the breach in a timely manner can be considered a failure of the system to perform its intended function of promptly notifying stakeholders about security incidents [102531]. (c) timing: The timing of the software failure incident is also relevant. The attack on Blackbaud's systems occurred in May, but the company did not disclose it externally until July. This delay in informing the public and the affected parties about the breach can be seen as a failure of the system to perform its intended function at the correct time [102531]. (d) value: The software failure incident did not involve the system performing its intended functions incorrectly in terms of the data itself. The stolen data included information such as phone numbers, donation history, and events attended, but credit card and other payment details were not exposed. Therefore, there was no indication of the system providing incorrect values in terms of the data compromised [102531]. (e) byzantine: The software failure incident did not exhibit behavior characteristic of a byzantine failure, which involves inconsistent responses and interactions. The incident primarily involved a ransomware attack leading to data theft, with the focus on the loss of data and the response to the breach rather than on erratic or inconsistent behavior of the system itself [102531]. (f) other: The software failure incident can be further characterized as a failure to adequately assess the potential risks and impacts of the breach. Some individuals expressed concerns about the reassurances provided by Blackbaud regarding the stolen data, questioning how the company could be certain that the data would not be misused. This failure to address the uncertainties and risks associated with the breach can be considered another aspect of the incident's behavior [102531].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property, theoretical_consequence | The consequence of the software failure incident reported in Article 102531 was primarily related to the impact on people's property and data due to the hack on Blackbaud's systems. The incident resulted in data about students, alumni, staff, and supporters of various universities and organizations being stolen. The stolen data included information such as phone numbers, donation history, and events attended; however, credit card and other payment details do not appear to have been exposed. The affected institutions, including universities and charities, are sending letters and emails apologizing to those whose data was compromised. Additionally, concerns were raised about the potential misuse of the stolen data by the hackers, as well as about Blackbaud's decision to pay the ransom demanded by the cyber-criminals [102531].
Domain | finance, knowledge | (a) The failed system was intended to support the education industry, specifically education administration, fundraising, and financial management for universities and other educational institutions. The hack targeted Blackbaud, a provider of such software systems used by universities in the UK, US, and Canada [102531].

Sources