Blackbaud Security Incident
The University has been affected by a data security incident with a third-party service provider, Blackbaud, one of the world’s largest providers of customer relationship management systems for charities and the higher education sector. The University was one of a significant number of higher education and non-profit organisations affected in the UK and in other countries.
We would like to assure alumni, donors and other contacts that since we were made aware (on 16th July) of this incident, we have been investigating exactly what happened and working with Blackbaud to identify and give accurate information to those who may have been affected.
There is no need for further action on the part of alumni or donors at this time other than the usual vigilance for anything unusual relating to personal data.
The system affected manages some of our web content and email messaging for alumni, donors, and other contacts of the University. We have been told the information involved in the incident includes:-
- Biographical Information such as name, title, date of birth, and former Student ID
- Postal address, phone numbers and email address
- Business Information such as job title and employer
- University Qualifications
- Non-Financial Gift-related Information such as gift amount, projects supported and gift aid opt-in
- Event Booking information such as dietary and access requirements
Blackbaud have assured us that their detailed investigation found no encrypted information, such as bank account details, credit card data, or passwords, was included.
The University has launched its own investigation and has contaced directly those who may have been affected.
The University has also informed the Information Commissioner’s Office (ICO) of the breach and is awaiting further guidance.
We deeply regret the worry and inconvenience that this incident may have caused.
Please check back here for updates on how we are responding to this issue, including our response to any recommendations from Blackbaud, the ICO or regulatory authorities.
For enquiries please email email@example.com.