Message for alumni and supporters – Blackbaud personal data breach
[A message for University of Chichester alumni community and supporters – Blackbaud personal data breach]
Dear alumni and supporters,
We are writing to inform you that on 16 July Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organisations and the Higher Education sector, discovered and stopped a ransomware attack on its systems. However, we wanted to inform you that some personal data was compromised and a high number of universities and not-for-profit organisations have been affected, including the University of Chichester.
As a highly-valued member of our University and our community, we are deeply concerned that Blackbaud experienced this ransomware attack. Please be re-assured, however, that we only use a subset of Blackbaud functionality and only basic information stored.
In more detail
Blackbaud have informed us that the ransomware attack involved biographic details which might include some or all of the following depending upon your relationship with us;
- names
- study details (where these were held)
- employment and contact details (where these were held)
- information pertaining to individuals’ relationship with Chichester, such as event participation and giving history (where this was held)
Crucially, the personal data that was compromised did not include any passwords, usernames, bank account or credit card details.
We wanted to make you aware of this incident and the steps we have taken to respond.
Is there anything you need to do?
You do not need to take any further action currently.
Blackbaud have told us that they paid a ransom to the cybercriminal and that they have received assurances that the stolen data has not been misused or disseminated, including being made publicly available. A detailed investigation was also carried out on behalf of Blackbaud by law enforcement and independent cybersecurity experts.
While we believe that the risk this incident poses to you is low, and below the statutory threshold required to notify affected individuals, we wanted to make you aware in order that you can remain vigilant. We are continuing to work closely with Blackbaud to ensure that all our concerns are fully addressed, including why there was a significant delay in Blackbaud informing us of this incident.
Our University takes its data protection obligations extremely seriously and, following our own investigation, we notified the Information Commissioner’s Office (ICO) of this incident. We are continuing to work with the ICO in support of their ongoing investigation and are completing all ICO recommendations as a matter of priority.
Our University IT and computer systems were unaffected by this incident. We use the very latest firewall protection available to universities to keep all data and our computers safe.
Going forward
To reiterate, you do not need to take any action at this time but, in light of this incident, we would like to take the opportunity to emphasise the importance of safe practice online and to only respond to emails from authentic sources.
We recommend the advice given by the UK government’s Nationals Security Advice Centre about staying safe online (available here) which includes protecting your email accounts and never disclosing financial information or passwords to anyone over email or the telephone.
It is regrettable that Blackbaud fell victim to this incident but we are continuing to do all we can to keep your personal data secure.
What makes the University of Chichester so unique is our close-knit community and that our alumni and supporters choose to remain a part of our historic institution even after graduating. Therefore, we apologise for any inconvenience caused.
Should you have any questions about this incident then please contact our Alumni team at alumni@chi.ac.uk.
