Newcastle University has revealed that it is among those that has suffered a data breach through an attack on its CRM supplier Blackbaud.
It has released a statement saying that data on its alumni was among that removed when the company was hit by a ransomware attack, believed to have been carried out between February and May.
This follows reports of several other UK universities being affected by the attack, including London, Leeds, Birmingham, and Sheffield Hallam.
Newcastle University said it was notified of the attack on 16 June but advised that no bank details, credit card or password details were taken: the data accessed relates to names and contact details for alumni, donors and other stakeholders.
It said it has no reason to believe any data went beyond the cyber criminal or will be misused, and that it is managing the incident in accordance with its data security procedures, and has notified the Information Commissioner’s Office.
“Colleagues from across the university are working with Blackbaud to assess and minimise the impact of this incident, as well as working to avoid future exposure,” it said. “As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect data from any subsequent incidents”
Company response
Cybaud has posted a statement on its website saying: “After discovering the attack, our cyber security team—together with independent forensics experts and law enforcement—successfully prevented the cyber criminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.
“Prior to our locking the cyber criminal out, the cyber criminal removed a copy of a subset of data from our self-hosted environment. The cyber criminal did not access credit card information, bank account information, or social security numbers.
“Because protecting our customers’ data is our top priority, we paid the cyber criminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cyber criminal, was or will be misused; or will be disseminated or otherwise made available publicly.
“This incident did not involve solutions in our public cloud environment (Microsoft Azure, Amazon Web Services), nor did it involve the majority of our self-hosted environment.”
It also apologised for the incident and said it will do its best to support customers.
Image from JulicaC2006, CC BY 2.0
