Tuesday, 28 July 2020

LSBU Affected By Global Data Breach!

A software company called Blackbaud has suffered a data breach that has affected a number of universities, including LSBU and some charities across the UK and USA.

We use one of their products and we wanted to let you know about this incident as your data may have been unlawfully accessed.

We realise that news of this kind can be concerning and the following information gives you an update of what we know, what information might have been at risk and the actions we are taking to safeguard your data.

We would like to reassure you that no encrypted information, such as credit card, bank account information or passwords has been accessed.
What do we know?

Blackbaud, one of the world’s largest providers of customer relationship management services to the high education and not-for-profit sectors discovered and stopped a ransomware attack that occurred in May 2020. You can read their statement here.

The attack resulted in a backup copy of multiple client’s data being taken, including that of LSBU.

Blackbaud shared this information with us on 16 July and we notified the Information Commissioner’s Office (ICO) on 18 July, within 72 hours of the notification from Blackbaud. We are following up with Blackbaud on why we were not told sooner.
What information was involved?

No encrypted information, such as credit card, bank account information or passwords has been accessed.

It is possible that the following information has been accessed as part of the attack:
Personal details e.g. name, date of birth,
Contact details, e.g. email, phone, postal address
Engagement with LSBU, e.g. membership application, donations, event registrations and volunteering preferences
Professional information e.g. employer, job title
What action has been taken?
Blackbaud has had an independent investigation by forensic experts and law enforcement carried out.
Blackbaud, independently of LSBU and their other clients, paid a ransom with confirmation that the removed data had been destroyed.
LSBU has launched its own internal investigation in to this incident and we are contacting all individuals whose data could have been compromised.
On 18 July, we informed ICO and are awaiting their response.
We have engaged independent experts on Blackbaud systems to provide expert analysis to us on what has been affected.
We have sought and received assurances from Blackbaud in regards to the effectiveness of their current security measures and action to prevent future incidents.
What do you need to do?

There is no specific action for you to take at this time. However, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to your relevant law enforcement authorities.
More information?

We are very sorry for any distress this news may have caused you. If you would like to talk to a member of LSBU staff about this please email [email protected]

If you would like to change your communication preferences at any time you can do so via

No comments :

Post a Comment