Blackbaud personal data breach – enquiries
In line with current government advice, we are still working from home, and therefore there will be a delay in responding to postal enquiries.
Update, at February 2021:
Blackbaud is the third-party supplier of our customer relationship management system and provider of our data storage. Blackbaud advised us on 16 July 2020 that it had discovered a ransomware attack in May 2020. The cybercriminal removed data from its backup server during the attack, at some point between 7 February and 20 May 2020.
We have been informed that data related to our alumni, donors and other external contacts was part of the incident. Blackbaud worked with third parties, including law enforcement, and paid a ransom to ensure that the data the cybercriminal obtained was not shared any further and was destroyed, but we cannot verify this definitively. Blackbaud continue to monitor this and they are implementing an ongoing programme of security enhancements.
We have completed our own investigations and are working on the actions arising from this process. We informed the ICO and have been advised they will be taking no further action in relation to the University of Aberdeen/University of Aberdeen Development Trust.
Our current data storage is fully encrypted. We are supported by colleagues in the University’s cybersecurity and information governance teams and we keep in regular contact with Blackbaud regarding the security of the data stored.
However, we would always recommend that you remain vigilant and report promptly any suspicious activity or suspected identity theft. The following websites provide advice on how to stay safe online:
Helpful guidance on action you can take against identity theft is available on the Information Commissioner's Office website: www.ico.org.uk/your-data-matters/identity-theft
Please check our Privacy Notice page for more information