[iandev]

> "The university's cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom"

I was looking to dunk on them but it seems that what they did wasn’t entirely unreasonable. The article further states that they paid to protect student data.

[Lionga]

Where did the money come from if not from "tuition, grant, donation, state or taxpayer funds"? And if they have another source of funding, this still means the money is missing to fund things in the future that now they have to use "tuition, grant, donation, state or taxpayer funds" for.

They also send a clear message that ransom ware blackmail is a great business model. I think that is more than enough reason to dunk on them.

[pc86]

No you don't understand, they didn't use that money, they used different money! Nevermind that money is fungible.

Unless they set money in the budget every year for "Ransomware Insurance Shortfall" this is 100% "tuition, grant, donation, state or taxpayer funds" at some point in the chain.

[sgeorge96]

It was partly covered by insurance.

[lotsofpulp]

Which came from insurance premiums paid by the university.

[abluecloud]

which was paid for with tuition, grant, donation, state or taxpayer funds

[mywittyname]

Which will continue to pay for the now-increased ongoing premiums.

[pc86]

We're talking about the part that wasn't.

[scarmig]

Even the insurance policy that distributed the payout was ultimately paid for with those funds.

[colinmhayes]

Sunk cost

[candiodari]

Plus obviously insurance simply means they're using tuition money to pay for ransoms, but all the time, not just when they're threatened.

[jessaustin]

If they're spending it all the time anyway, why shouldn't the payment have been made?

[freeopinion]

Utah's higher education system has what I think is a very stupid tuition hierarchy. It seems that tuition is set by the state legislature and cannot be modified by the individual school. But schools can set other fees. So they have this concept of "differential tuition". That is some arbitrary amount that they choose to charge for a particular class that is the difference between what tuition would be if they could control it and the amount mandated by the legislature.

You may have paid all your tuition and still owe the university tuition. Got a tuition scholarship from the university? Better check the fine print. Full-tuition or half-tuition doesn't necessarily mean what you think it means. It might only cover one of the definitions of tuition. Each class can have multiple tuitions of arbitrary amounts and you have to pay them all; your scholarship does not have to cover them all.

Oh, and it is impossible to know how much to budget for a 15-credit hour semester unless you provide a specific list of classes taken.

So, "didn't come from tuition" is an ambiguous statement from a Utah school.

[afrcnc]

From football game ticket sales... duuuh

[bagacrap]

school store textbook sales

[zucker42]

I think I'd agree with the end of the article. If the only reason you're paying them is to prevent a data leak, what's to stop them from accepting the ransom and still leaking the data?

[gowld]

Hacker has a reputation to maintain.

[Nasrudith]

What is to stop them from acting like a blackmailer and going back for more later? Technically all they need is for giving money to "help" short term to maintain their "reputation". It is a danegelt situation.

[zucker42]

Except there's not even any claim or confirmation about which group performed the attack, though one is suspected according to the article.