UEA data stolen in ransom attack by cyberhackers
- Credit: Copyright: Archant 2019
Personal data about former students has been stolen from the University of East Anglia after hackers attacked a cloud computing provider.
The UEA is among more than a dozen UK universities hit by the data attack on Blackbaud, one of the world’s largest providers of administration software for higher education and not-for-profit organisations.
The university uses IT systems supplied by Blackbaud to keep in touch with its alumni and supporters.
Information held on the database accessed by criminals included names, addresses and emails.
MORE: UEA and Norwich University of Arts plan return to face-to-face teachingIan Callaghan, UEA chief resource officer said: “Law enforcement and third-party cyber security experts undertook a detailed investigation on behalf of Blackbaud and the company has confirmed that passwords, bank account and credit card numbers were not affected by this incident.
“The investigation did reveal that the attackers may have accessed data including the following: name, name at UEA, title, gender, date of birth, marital status, job role, address, phone number, email and IP address; educational attainment details; and a record of engagement with UEA activities including event bookings and donations.”
You may also want to watch:
The UEA said it had been contacted by Blackbaud on July 16 to say they had been the victim of a ransomware attack between February and May 2020.
The US-based company has been criticised for not disclosing the attack until this month and for having paid the hackers an undisclosed ransom.
- 1 'I can't carry it' - Shock as plant starts growing eight inches a day
- 2 Man in 20s drowned in Bawsey Country Park lake
- 3 Amazing photos show storms over Norfolk – and there are more to come
- 4 Bungling car thieves dump £92,000 Range Rover
- 5 Elderly man took his clothes off at Norwich park
- 6 Man, 20, who drowned at Bawsey Pits is named
- 7 Aldi planning four new stores in Norfolk
- 8 School shut after ceiling tile falls on to class of children
- 9 See inside the 'tiny mobile homes' built from scratch for £95,000
- 10 Norwich bar gets back licence after tearful appeal by owner
Under General Data Protection Regulation, companies must report a significant breach to data authorities within 72 hours of learning of an incident - or face potential fines.
MORE: Predicted £35m losses sees UEA ask staff to take pay cuts and cut hoursThe UK Information Commissioner’s Office (ICO) said 125 organisations had reported the incident so far with the growing list of organisations to issue data breach alerts ranging from the National Trust to charities including Sue Ryder.
Other UK universities that have been affected include York, Loughborough, Leeds, Reading and Brookes University and University College Oxford.
Mr Callaghan added: “We are thoroughly investigating the incident and are working with Blackbaud to understand what actions they have taken to increase their security in response to the breach and what the circumstances were regarding the breach, the timeframe and their approach to notification.
“We have contacted alumni and supporters directly affected so they can remain vigilant.”