Loughborough Uni is victim of database hack
Info also taken from LOROS and De Montfort Uni
HACKERS have breached the databses of LOROS hospice and Loughborough and De Montfort universities.
The hospice and the two universities confirmed they are among the organisations worldwide affected by the attack on cloud computing provider Blackbaud.
The hackers took information through a ransomware attack aimed at locking the cloud software firm out of its own data and servers.
The charity, in Groby Road, and universities have apologised to supporters, staff and alumni who have had their details accessed but stressed no bank account, credit card or password information has been compromised.
Several other UK universities were affected, as well as the National Trust.
Loros chief executive John Knight said: “No financial information such as card or bank details is stored in our database and therefore was not taken in the attack.
“Blackbaud is a cloud computing provider which works with organisations worldwide and this breach has impacted many other charities and universities.
“There is no need for anyone to take any action in relation to this incident.
“But we would remind all of our supporters it is always best practice to exercise caution when opening or responding to e-mails you receive and considering whether they are from a legitimate contact or source.
“We apologise for any concern or inconvenience this may cause. We value our supporters and know you trust us to look after your data.
“This is why, despite being disappointed to do it, we are making you aware of the incident, and regardless of the fact that it represents a very low risk to you all.”
A Loughborough University spokesman said: “We can confirm there has been a data breach affecting a third-party company, Blackbaud.
“This company provides a platform that hosts parts of our alumni and supporter database.
“Many UK universities use Blackbaud and this incident has affected numerous institutions across the country, not just Loughborough.
“The data that has been compromised does not include any bank account, credit card information or passwords and we have written to all those impacted to apologise for this incident and provide further information.
“The university has also reported the data breach to the Information Commissioner’s Office (ICO).”
A spokesman for Blackbaud said: “After discovering the attack, our cyber security team – together with independent forensics experts and law enforcement – successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.
“Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our selfhosted environment.
“The cybercriminal did not access credit card information, bank account information or social security numbers.
“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.
“Based on the nature of the incident, our research and third-party (including law enforcement) investigation, we have no reason to believe any data went beyond the cybercriminal, was or will be misused or will be disseminated or otherwise made available publicly.”