UEA data stolen in ransom attack by cyberhackers
- Credit: Copyright: Archant 2019
Personal data about former students has been stolen from the University of East Anglia after hackers attacked a cloud computing provider.
The UEA is among more than a dozen UK universities hit by the data attack on Blackbaud, one of the world’s largest providers of administration software for higher education and not-for-profit organisations.
The university uses IT systems supplied by Blackbaud to keep in touch with its alumni and supporters.
Information held on the database accessed by criminals included names, addresses and emails.
MORE: UEA and Norwich University of Arts plan return to face-to-face teachingIan Callaghan, UEA chief resource officer said: “Law enforcement and third-party cyber security experts undertook a detailed investigation on behalf of Blackbaud and the company has confirmed that passwords, bank account and credit card numbers were not affected by this incident.
“The investigation did reveal that the attackers may have accessed data including the following: name, name at UEA, title, gender, date of birth, marital status, job role, address, phone number, email and IP address; educational attainment details; and a record of engagement with UEA activities including event bookings and donations.”
The UEA said it had been contacted by Blackbaud on July 16 to say they had been the victim of a ransomware attack between February and May 2020.
The US-based company has been criticised for not disclosing the attack until this month and for having paid the hackers an undisclosed ransom.
- 1 A coach 'filled with people' and a van crash on the NDR
- 2 Broads pub once visited by Chelsea players shuts for good
- 3 Body found in woods near Mildenhall
- 4 Heavy winds set to hit Norfolk as yellow weather warning issued
- 5 One person rescued after crash on A47
- 6 ‘We need action now’: Flood hit Broads business backs river barrier calls
- 7 'Like touching grim reaper's nose': Teenager lucky to be alive after crash
- 8 Norfolk's oldest woman dies, aged 110
- 9 Norwich City transfer rumours: Idah out, Hugill back in for Canaries?
- 10 Three cars crash near Swainsthorpe on Norwich Road
Under General Data Protection Regulation, companies must report a significant breach to data authorities within 72 hours of learning of an incident - or face potential fines.
MORE: Predicted £35m losses sees UEA ask staff to take pay cuts and cut hoursThe UK Information Commissioner’s Office (ICO) said 125 organisations had reported the incident so far with the growing list of organisations to issue data breach alerts ranging from the National Trust to charities including Sue Ryder.
Other UK universities that have been affected include York, Loughborough, Leeds, Reading and Brookes University and University College Oxford.
Mr Callaghan added: “We are thoroughly investigating the incident and are working with Blackbaud to understand what actions they have taken to increase their security in response to the breach and what the circumstances were regarding the breach, the timeframe and their approach to notification.
“We have contacted alumni and supporters directly affected so they can remain vigilant.”