Data including names, addresses and degree details of alumni compromised in UoA data theft
By: Jeevan Bains
The University of Aberdeen and Robert Gordon University are among institutions across the UK and USA who have had data stolen after its third-party database provider was targeted by cybercriminals.
Blackbaud, an American organization providing cloud computing services to over ‘75% of UK universities’ informed the University that ‘the cybercriminal removed data from its backup server during the attack’.
Data related to UoA alumni, donors and other external contacts was part of the cyber attack. The University has said it has launched an investigation on 16 July “to gather the information” needed to contact those affected.
It has come to light that the ransomware attack occurred between February and May 2020, however the University of Aberdeen was not advised until months later in July.
Several Higher Education Institutions affected across the country have been confirmed by the BBC spanning from the University of Exeter to the University of Leeds.
Although Robert Gordon University reported that this information ‘does not pose a data protection risk to those involved’, the University of Aberdeen has shared on its website that personal data of alumni including names, date of births addresses, and details of event and volunteering attendance were among a few of the categories of information that could have been accessed by the cyber-attack.
There are also fears that financial data may have also been held by the cybercriminals ‘for a small number of donors’ alongside the information of alumni.
Critics are questioning the time that Blackbaud took to inform organizations it works with which also includes charities and schools including top academic institutions, Manchester Grammar School, and Dulwich College.
Blackbaud also faces criticism for the undisclosed amount of ransom that they paid to ensure the information was not shared any further however the University commented on their website post that they ‘cannot verify this definitively’.
Have you been affected by this story? Contact news@thegaudie.com or message Gaudie News on Facebook.
The University has advised that they will ‘review as a matter of priority our ongoing association with Blackbaud’ as well as sharing their apologies ‘for the concern and the inconvenience that this Blackbaud incident may have caused’.
The University urged anyone who may be affected by the attack to find information on the Information Commissioner's Office website and advised students ‘remain vigilant and report promptly any suspicious activity or suspected identity theft’.
For more information about the data breach see: https://www.abdn.ac.uk/giving/about/blackbaud-data-breach-557.php?fbclid=IwAR0qC9sGJl66EgcSs4QZA8CMsMQknTcA2rNfgSDRt8eMMPp4HgMNjyuaoOc
Comments