BlackBaud Hack: Global Attack Compromise Aberystwyth University Data


Blackbaud Hack: A Welsh University has confirmed that the Aberystwyth’s old college on the seafront was built back in the 1860s and was one of the over 20 institutions of US, UK and Canada that has been heavily affected by the data breach after the hackers have attacked a provider of cloud computing.

The Aberystwyth University authorities have reassured the present students and the alumni that none of the bank accounts or credit card details was taken in the data breach. The hack has only targeted the Blackbaud, the leading provider of the education financial management and the administration software. The ransomware attack had occurred in May this year.

Aberystwyth University says that it is investigating the matter on an urgent basis after the breach has been confirmed. The breach has affected university alumni and the supporter web portal and information management system.

The U.S based company Blackbaud has been heavily criticised on account of hiding their external system hack until July and also for having paid a hidden amount as a ransom to the hackers.

In some of the other attacks in the universities, the information was limited to only the former students, who had been asked to support the establishments financially from where they have graduated. But in the others, it had extended to the staffs, other supporters and the existing students.

The Assurances

Around 10k students study at the mid Wales institution every year, which is 148 years old. The university said that it had reassurances that the stolen data has now been destroyed. There is no reason to believe that it has been misused.

“Blackbaud has offered assurances that no bank account or credit card details were taken,” said a university spokesperson.

“We take data security extremely seriously. We are urgently investigating this incident and are awaiting further details from Blackbaud.

“We are in the process of contacting those online portal users and recipients of our alumni and supporter e-newsletters whom we believe may have been affected.”

Aberystwyth University has three faculties in the academics and a total of 17 departments. The university has reported the breach to the ICO or Information Commissioner’s Office. It had said that it will cooperate completely with any further steps that they wish to take.

Image: BBC

The other institutions have also been affected by the data breach and include the University of York, University of London and University College, Oxford and Loughborough University.

Ransom Demand Cleared 

The South Carolina headquarters based Blackbaud has declined to provide a complete list of those who are impacted stating that it wanted to respect the privacy of their customers

“The majority of our customers were not part of this incident,” the company claimed.

It referred the BBC to a statement on its website: “In May of 2020, we discovered and stopped a ransomware attack. Prior to our locking the cyber-criminal out, the cyber-criminal removed a copy of a subset of data from our self-hosted environment.”

The statement goes on like the Blackbaud has paid the ransom demand, which is not illegal but goes against the advice of the various law enforcement agencies inclusive of Europol, FBI and NCA. Black has added that it has been given the confirmation of the copy of the data they removed have been destroyed. It has furthermore said that it is working with the law enforcement and the third party investigators in the bid to monitor whether or not the data is being sold and circulated on the dark web.

Image: 2 Spyware

An ICO spokeswoman said: “Blackbaud has reported an incident affecting multiple data controllers to the ICO. We will be making enquiries to both Blackbaud and the respective controllers, and encourage all affected controllers to evaluate whether they need to report the incident to the ICO individually.”

Source: Trading U

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.


Please enter your comment!
Please enter your name here