Home Canterbury News Article
University of Kent targeted in data ransom attack
19:00, 28 July 2020
updated: 19:57, 28 July 2020
A university has revealed data was stolen by a cybercriminal and held for ransom.
Blackbaud, which manages alumni and stakeholder details for the University of Kent, was targeted in May by "a sophisticated ransom-ware attack".
Threatening to release the information, Blackbaud worked with police to solve the situation - the solution was eventually to pay the ransom sum.
More than 125 organisations are believed to have been impacted, including the National Trust and Sue Ryder.
Included in this number are international bodies such as the Central European University in Hungary.
The University of Kent has emailed those it believes could have data involved in the attack, writing: "Blackbaud worked with law enforcement authorities and third-party cyber-security experts to investigate the incident and subsequently paid the ransom in order to protect customers’ data.
"Assurances were given by the cybercriminal that they had deleted the records."
The information believed to have been unlawfully accessed pertains to those who:
- have donated to the University using an online form on the alumni website
- have registered for an event via the alumni website
- registered as a user of the alumni website when this service was available
- have completed the 'update your details' form which is currently available on the alumni website
The full extent of the breach is still not known.
"We are seeking clarification from Blackbaud about the assurances received..."
The university email notes: "As soon as this incident was reported to us, we launched our own investigation which is still ongoing. Blackbaud has confirmed that no encrypted data, credit card data, bank details or passwords were accessed as part of the attack.
"We are seeking clarification from Blackbaud about the assurances received that records were deleted by the cybercriminal after the ransom was paid.
"We have also asked Blackbaud to explain why they did not report this incident to us sooner.
"We have reported this data breach to the Information Commissioner’s Office (ICO) and are awaiting further guidance.
"We will continue to update the ICO as more information becomes available."
Alumni suspected to be part of the breach are being asked to remain vigilant of suspicious activity.
The email's authors - University of Kent data protection officer Jordan Hall and Tim Farrow-House, acting director of development - have said they'll be reviewing their contract with Blackbaud and will seek to ensure protective measures are strengthened in the future.
Have you been affected by this data breach? If so, please get in touch at news@thekmgroup.co.uk