Kentish Gazette Canterbury & District
Ransom over hacked uni website paid
A university has revealed data was stolen by a cyber-criminal and held for ransom. Blackbaud, which manages alumni and stakeholder details for the University of Kent, was targeted in May by “a sophisticated ransom-ware attack”. With the criminals threatening to release the information, Blackbaud worked with police to solve the situation - and eventually decided to pay the ransom sum.
The University of Kent has emailed those whose data was at risk, writing: “Blackbaud worked with law enforcement authorities and third-party cyber-security experts to investigate the incident and subsequently paid the ransom in order to protect customers’ data. “Assurances were given by the cyber-criminal that they had deleted the records.” The information believed to have been unlawfully accessed relates to those who have used the website to donate to the university, register for an event, register as a user or update their details.
The full extent of the breach is still not known.
The university email continues: “As soon as this incident was reported to us, we launched our own investigation which is still ongoing. Blackbaud has confirmed that no encrypted data, credit card data, bank details or passwords were accessed as part of the attack. “We are seeking clarification from Blackbaud about the assurances received that records were deleted by the cybercriminal after the ransom was paid. “We have also asked Blackbaud to explain why they did not report this incident to us sooner. “We have reported this data breach to the Information Commissioner’s Office (ICO) and are awaiting further guidance. “We will continue to update the ICO as more information becomes available.” Alumni members suspected to be part of the breach are being asked to remain vigilant of suspicious activity.
The univeristy says it will be reviewing its contract with Blackbaud and will seek to ensure protective measures are strengthened in the future.