Personal data about former students has been stolen from the University of East Anglia after hackers attacked a cloud computing provider.

Eastern Daily Press: Data about former UEA students and supporters was stolen by hackers. Picture: Darren CarterData about former UEA students and supporters was stolen by hackers. Picture: Darren Carter (Image: butterflyeffect / realitypaused.com)

The UEA is among more than a dozen UK universities hit by the data attack on Blackbaud, one of the world’s largest providers of administration software for higher education and not-for-profit organisations.

The university uses IT systems supplied by Blackbaud to keep in touch with its alumni and supporters.

Information held on the database accessed by criminals included names, addresses and emails.

MORE: UEA and Norwich University of Arts plan return to face-to-face teachingIan Callaghan, UEA chief resource officer said: “Law enforcement and third-party cyber security experts undertook a detailed investigation on behalf of Blackbaud and the company has confirmed that passwords, bank account and credit card numbers were not affected by this incident.

Eastern Daily Press: Hackers targeted cloud computer company Blackbaud that supplies software used by the UEA to keep in touch with its alumni and supporters. Picture: Getty ImagesHackers targeted cloud computer company Blackbaud that supplies software used by the UEA to keep in touch with its alumni and supporters. Picture: Getty Images (Image: P. SIRIPHIROON)

“The investigation did reveal that the attackers may have accessed data including the following: name, name at UEA, title, gender, date of birth, marital status, job role, address, phone number, email and IP address; educational attainment details; and a record of engagement with UEA activities including event bookings and donations.”

The UEA said it had been contacted by Blackbaud on July 16 to say they had been the victim of a ransomware attack between February and May 2020.

The US-based company has been criticised for not disclosing the attack until this month and for having paid the hackers an undisclosed ransom.

Under General Data Protection Regulation, companies must report a significant breach to data authorities within 72 hours of learning of an incident - or face potential fines.

MORE: Predicted £35m losses sees UEA ask staff to take pay cuts and cut hoursThe UK Information Commissioner’s Office (ICO) said 125 organisations had reported the incident so far with the growing list of organisations to issue data breach alerts ranging from the National Trust to charities including Sue Ryder.

Other UK universities that have been affected include York, Loughborough, Leeds, Reading and Brookes University and University College Oxford.

Mr Callaghan added: “We are thoroughly investigating the incident and are working with Blackbaud to understand what actions they have taken to increase their security in response to the breach and what the circumstances were regarding the breach, the timeframe and their approach to notification.

“We have contacted alumni and supporters directly affected so they can remain vigilant.”