UEA is among the victims of the Blackbaud cyberattack data breach. The data stolen contained personal information and interaction history with the University’s alumni and supporters. The cybercriminal held the data to ransom, which Blackbaud paid and then the data was deleted.
The breach affected at least 125 organisations, including dozens of universities, the National Trust, charities, museums, schools, and more. An email was sent to affected alumni and supporter states they “do not need to take any further action at this time”. It further said: “Blackbaud have reassured us that the issue has been resolved and that the data is secure.”
In a statement to Concrete, UEA said: “Law enforcement and third-party cyber security experts undertook a detailed investigation on behalf of Blackbaud and the company has confirmed that passwords, bank account and credit card numbers were not affected by this incident”.
UEA tried to assuage concerns by stating: “We are thoroughly investigating the incident and are working with Blackbaud to understand what actions they have taken to increase their security in response to the breach and what the circumstances were regarding the breach, the timeframe and their approach to notification.”
Blackbaud’s websites states: “75% of UK universities are powered by Blackbaud solutions”.
This is in the wake of a number of data leaks from UEA in recent years, including 16 data breaches in 2016, a spreadsheet containing student health problems being leaked in 2017, 300 students being sent an email containing staff health information in 2017 and private data about a student’s failed master’s dissertation being leaked in October 2019.
A Concrete FOI request earlier in 2020 stated that over £140,000 had been paid out by insurers to UEA students affected by leaks.