UEA data stolen in ransom attack by cyberhackers
PUBLISHED: 16:09 29 July 2020 | UPDATED: 17:11 29 July 2020
Personal data about former students has been stolen from the University of East Anglia after hackers attacked a cloud computing provider.
The UEA is among more than a dozen UK universities hit by the data attack on Blackbaud, one of the world’s largest providers of administration software for higher education and not-for-profit organisations.
The university uses IT systems supplied by Blackbaud to keep in touch with its alumni and supporters.
Information held on the database accessed by criminals included names, addresses and emails.
MORE: UEA and Norwich University of Arts plan return to face-to-face teaching
Ian Callaghan, UEA chief resource officer said: “Law enforcement and third-party cyber security experts undertook a detailed investigation on behalf of Blackbaud and the company has confirmed that passwords, bank account and credit card numbers were not affected by this incident.
“The investigation did reveal that the attackers may have accessed data including the following: name, name at UEA, title, gender, date of birth, marital status, job role, address, phone number, email and IP address; educational attainment details; and a record of engagement with UEA activities including event bookings and donations.”
You may also want to watch:
The UEA said it had been contacted by Blackbaud on July 16 to say they had been the victim of a ransomware attack between February and May 2020.
The US-based company has been criticised for not disclosing the attack until this month and for having paid the hackers an undisclosed ransom.
Under General Data Protection Regulation, companies must report a significant breach to data authorities within 72 hours of learning of an incident - or face potential fines.
MORE: Predicted £35m losses sees UEA ask staff to take pay cuts and cut hours
The UK Information Commissioner’s Office (ICO) said 125 organisations had reported the incident so far with the growing list of organisations to issue data breach alerts ranging from the National Trust to charities including Sue Ryder.
Other UK universities that have been affected include York, Loughborough, Leeds, Reading and Brookes University and University College Oxford.
Mr Callaghan added: “We are thoroughly investigating the incident and are working with Blackbaud to understand what actions they have taken to increase their security in response to the breach and what the circumstances were regarding the breach, the timeframe and their approach to notification.
“We have contacted alumni and supporters directly affected so they can remain vigilant.”
If you value what this story gives you, please consider supporting the Eastern Daily Press. Click the link in the orange box above for details.