View guides

Hackers Gain Access to University Data

Posted by Richard Ward in

Image courtesy of Flickr, Creative Commons

In a targeted attack, at least seven UK universities have had student data stolen after hackers gained access to a cloud computing provider.

The breach involved Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software.

The US-based company said its systems were hacked in May and has been criticised for not disclosing this externally until July and for having paid an undisclosed ransom to the perpetrators.

Those institutions confirmed to be affected include:

University of York

Oxford Brookes University

Loughborough University

University of Leeds

University of London

University of Reading

Ambrose University in Alberta, Canada

Human Rights Watch

Young Minds

Rhode Island School of Design in the US

All of the institutions above are sending letters and emails apologising to affected staff, students, alumni and donors.

Whilst it is understood that credit card and other payment details were not exposed, in some cases, stolen data included phone numbers, donation history and events attended.

Blackbaud has said it is working with law enforcement and third-party investigators to monitor whether or not the data is being circulated or sold on the dark web, even though they reportedly had confirmation that the data was destroyed once the ransom was paid.