Sheffield Hallam University confirms data breach in global ransomware attack
A Sheffield university has confirmed it was one of more than 20 charities and educational institutions across the UK, US and Canada to have had data stolen after hackers attacked a cloud computing provider.
Sheffield Hallam University said it believes that the “names and contact details for alumni, donors, and other stakeholders” were taken during the cyberattack in May.
The hack targeted Blackbaud, one of the world's largest providers of education administration, fundraising, and financial management software
Sheffield Hallam said that it is managing the incident “in accordance with its data security procedures” after confirming that it had been affected.
In an email to ‘valued members’ of the Sheffield Hallam Community, university secretary Michaela Boryslawskyj, said: “On Thursday 16 July 2020, the university was notified by Blackbaud that Sheffield Hallam and a number of other universities had been affected by this incident, in which Blackbaud’s systems were hacked and personal information relating to our alumni and other members of our community was stolen.
"The data taken does not include bank details, financial information or sensitive personal data; and you do not have to take any direct action in relation to this incident at this stage.
"However, the university takes its approach to data security very seriously and we have established a full incident response group to review and respond to this issue. More information on the incident is included in this email.”
She added: "At this stage you do not need to do anything except remain vigilant and report any suspicious activity to police or other law enforcement authorities. Further information is available about staying safe online. We will continue to work with Blackbaud to investigate this incident further and its implications.
"We sincerely apologise for any distress that this data security breach by Blackbaud may cause. The University takes data protection very seriously and we regret any inconvenience caused by this incident.”
Blackbaud has been criticised for not disclosing the hacking of their systems externally until July and for having paid the hackers an undisclosed ransom.
The US-based firm said in a lengthy but undated statement that the ransom had been paid after they were promised that all data had been destroyed.