Find local news in Kent

Home   Canterbury   News   Article

University of Kent targeted in data ransom attack

19:00, 28 July 2020

updated: 19:57, 28 July 2020

A university has revealed data was stolen by a cybercriminal and held for ransom.

Blackbaud, which manages alumni and stakeholder details for the University of Kent, was targeted in May by "a sophisticated ransom-ware attack".

The ransomware attack came at the height of the coronavirus pandemic
The ransomware attack came at the height of the coronavirus pandemic

Threatening to release the information, Blackbaud worked with police to solve the situation - the solution was eventually to pay the ransom sum.

More than 125 organisations are believed to have been impacted, including the National Trust and Sue Ryder.

Included in this number are international bodies such as the Central European University in Hungary.

The University of Kent has emailed those it believes could have data involved in the attack, writing: "Blackbaud worked with law enforcement authorities and third-party cyber-security experts to investigate the incident and subsequently paid the ransom in order to protect customers’ data.

"Assurances were given by the cybercriminal that they had deleted the records."

Alumni have been asked to remain cautious of suspicious activity
Alumni have been asked to remain cautious of suspicious activity

The information believed to have been unlawfully accessed pertains to those who:

  • have donated to the University using an online form on the alumni website
  • have registered for an event via the alumni website
  • registered as a user of the alumni website when this service was available
  • have completed the 'update your details' form which is currently available on the alumni website

The full extent of the breach is still not known.

"We are seeking clarification from Blackbaud about the assurances received..."

The university email notes: "As soon as this incident was reported to us, we launched our own investigation which is still ongoing. Blackbaud has confirmed that no encrypted data, credit card data, bank details or passwords were accessed as part of the attack.

"We are seeking clarification from Blackbaud about the assurances received that records were deleted by the cybercriminal after the ransom was paid.

"We have also asked Blackbaud to explain why they did not report this incident to us sooner.

"We have reported this data breach to the Information Commissioner’s Office (ICO) and are awaiting further guidance.

Investigations are still ongoing as to who stole the data. Stock image
Investigations are still ongoing as to who stole the data. Stock image

"We will continue to update the ICO as more information becomes available."

Alumni suspected to be part of the breach are being asked to remain vigilant of suspicious activity.

The email's authors - University of Kent data protection officer Jordan Hall and Tim Farrow-House, acting director of development - have said they'll be reviewing their contract with Blackbaud and will seek to ensure protective measures are strengthened in the future.

Have you been affected by this data breach? If so, please get in touch at news@thekmgroup.co.uk

News from our universities, local primary and secondary schools including Ofsted inspections and league tables can be found here.

Read more: All the latest news from Canterbury

Read more: All the latest news from Medway

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies - Learn More