Cloud platform provider Blackbaud has revealed that it's suffered a serious data breach involving over 20 universities in the UK, US and Canada.
Blackbaud works with a range of nonprofits and educational institutions across the world to help manage their fundraising activities with its cloud-based platform. Fund-raising from alumni and wealthy parties with an interest in education has formed an important part of the funding streams for Universities across the UK, and Blackbaud works with them to help manage that activity.
The company just recently disclosed that a cyber-attack in May allowed hackers to steal data belonging to at least twenty universities and charities based in the UK, the US, and Canada. The incident involved a great deal of personal data being stolen, including the details of faculty and donors that are normally private.
Attackers held Blackbaud's data for ransom, offering to destroy the data in exchange for an undisclosed sum. Law enforcement agencies always recommend that that those held for ransom don't pay their attackers as it will encourage further attacks and there's no way to know that the stolen data has actually been disposed of. Despite this, Blackbaud opted to pay the ransom.
The Information Commissioner's Office stated that it was only informed about the attack last weekend, but the attack and ransom happened in May 2020. This puts the company in breach of GDPR legislation here in the UK, as it is required to notify the ICO within 72 hours of any major breach becoming known.
One group affected by the incident said that the breach was in a platform called Blackbaud NetCommunity, which is used by universities to manage alumni donation campaigns. Queen's University Belfast has been using Blaudbaud NetCommunity since 2012 to communicate with alumni, but claims that it was not affected by the data breach.
Source: BBC News, The Register
