University alumni details stolen in hack attack on supplier
THE University of Birmingham is among 20 UK institutions and charities which fell prey to a cyber-attack, it has been confirmed.
The attack compromised Blackbaud, a US software supplier which was held to ransom by hackers in May. The hackers were paid an undisclosed ransom.
Blackbaud is responsible for education administration, fundraising, and financial management software supplied to the university.
The scale of the breach has not been revealed, but some personal details of former students are believed to have been stolen. The University of Birmingham was affected alongside University College, Oxford, De Montfort University, Leicester, the University of Exeter, University Leeds and several others. Charities impacted included two in Vermont, as well as Young Minds and Human Rights Watch. A spokesman from the UK’s National Cyber Security Centre said: “We are aware of this incident and are supporting partners in the UK and internationally in response. We would urge all organisations to read our guidance on how to defend themselves against ransomware attacks.”
In some cases, the stolen data included phone numbers, donation history and events attended.
A Blackbaud statement said: “In May of 2020, we discovered and stopped a ransomware attack. Prior to our locking the cyber-criminal out, the cyber-criminal removed a copy of a subset of data from our self-hosted environment.”
The University of Birmingham is now working with Blackbaud to determine exactly what personal data was compromised.
malware
and
In this case it appears that the names and email addresses of the university’s alumni and supporter community were affected.
Mark Montaldo, a director at CEL Solicitors, which specialises in data breach claims, said: “We’ve already spoken to former university students who are rightly concerned about what this data breach could mean for them.
“To know your personal data has been hacked by criminals is incredibly worrying and increasingly common as more and more data is stored online. It’s therefore crucial that organisations ensure that every possible measure is taken to protect their members’ personal details and that any third parties’ goals are aligned with their own when it comes to data protection.
“It’s also really important that organisations notify potential victims as soon as they become aware of a data breach so that they are alert to any suspicious activity as a result of their data being breached”.
As a precautionary measure, the Information Commissioner’s Office has been sent a preliminary notification about this issue.