Over 30 universities in the UK have suffered a serious data breach after hackers attacked cloud computing provider, Blackbaud.
UK universities confirmed to have been affected include:
- Aberystwyth University
- ACS International Schools
- Brasenose College, University of Oxford
- Brunel University, London
- De Montfort University
- Hughes Hall College, University of Cambridge
- King’s College, London
- Loughborough University
- Oxford Brookes University
- Radley College, Abingdon
- Selwyn College, University of Cambridge
- St Albans School, Hertfordshire
- Sheffield Hallam University
- Staffordshire University
- University College, Oxford
- University of Birmingham
- University of Bristol
- University of Durham
- University of East Anglia
- University of Exeter
- University of Hull
- University of Kent
- University of Leeds
- University of Liverpool
- University of London
- University of Manchester
- University of Newcastle
- University of Northampton
- University of Reading
- University of South Wales
- University of Sunderland
- University of Sussex
- University of West London
- University of York
The universities have written to former students asking them to remain vigilant and report any suspicious activity following the hack.
Blackbaud, which provides software solutions to higher educational institutions, was targeted by cybercriminals in May. It was held to ransom by the hackers and paid an undisclosed amount to the cyber-criminals in the hope that they would destroy the data. Blackbaud is facing widespread criticism about the length of time it took to warn victims that data had been stolen. It notified the universities affected on 16th July who then, in turn, notified their staff, students, alumni and partners.
The universities impacted are now working with Blackbaud to determine exactly what personal data was compromised. So far, clients of Blackbaud have been affected in different ways, with varying types of data involved. Some of the information relating to the Universities that was stolen included:
- personal details, e.g. name, title, gender, date of birth and student number
- contact details, e.g. phone, email address, home address and LinkedIn profile URL
- educational details, e.g. qualifications and extracurricular activities undertaken
- alumni and fundraising records, including participation and donations
- professional details, e.g. profession and employer
- information about people’s interests submitted in university surveys
As a precautionary measure, the Information Commissioner’s Office has been sent a preliminary notification.
What to do when you’ve been hacked
We are calling for anyone who is worried that they may have been impacted as a result of the data breach to contact us so we can thoroughly investigate whether their private details were part of the cyberattack, and whether they could be entitled to compensation as a result.
Find out more about making a data breach claim, or call our team on 0808 273 0900 to get free, no-obligation legal advice.