Hackers steal data from students at six UK universities in global cyber attack targeting US-based cloud computer provider Blackbaud
- Blackbaud paid hacker an undisclosed ransom after promised all data destroyed
- Said hacker did not access credit card information or bank account details
- The attack happened in May but was not publicly addressed until this month
- University of York, Oxford Brookes University and Leeds University impacted
Hackers have stolen student data from six UK universities in a global cyber attack targeting US-based cloud computer provider Blackbaud.
Blackbaud paid the hacker an undisclosed ransom after they were promised that all data – which included phone numbers and donation history in some cases – was destroyed.
The South Carolina-based company said the ransomware hacker ‘did not access credit card information, bank account information, or social security numbers’.
The attack – which also affected a Canadian University and a US design school – happened in May but was not publicly addressed until this month.
Hackers have stolen student data from six UK universities (including the University of Leeds, pictured) in a global cyber attack targeting US-based cloud computer provider Blackbaud
Blackbaud paid the hacker an undisclosed ransom after they were promised that all data – which included phone numbers and donation history in some cases – was destroyed. Pictured: The University of York was one of the institutions affected
The South Carolina-based company said the ransomware hacker ‘did not access credit card information, bank account information, or social security numbers’ of students it universities, including Reading (pictured)
The University of York, Oxford Brookes University, Loughborough University, University of London, University of Leeds and University of Reading are apologising to students, faculty and donors for the breach.
Ambrose University in Canada and Rhode Island School of Design in America were also hit – as were Human Rights Watch and charity Young Minds, BBC News reports.
A statement on the company’s website read: ‘After discovering the attack, our Cyber Security team – together with independent forensics experts and law enforcement -successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system.
‘Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment.
The attack – which also affected a Canadian University and a US design school – happened in May but was not publicly addressed until this month. Pictured: Oxford Brookes University was one of the ones affected
‘The cybercriminal did not access credit card information, bank account information, or social security numbers.
‘Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.’
The FBI, National Crime Agency and Europol usually advise against paying what the hacker demands.
The University of York, Oxford Brookes University, Loughborough University, University of London (pictured), University of Leeds and University of Reading are apologising to students, faculty and donors for the breach
The statement adds: ‘Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.’
One of the impacted former students, cyber-security specialist Rhys Morgan said: ‘My main concern is how reassuring – impossibly so, in my opinion – Blackbaud were to the university about what the hackers have obtained.’