Update on Recent Blackbaud Incident News

The data breach at Blackbaud has been in the news again over the past few days, concerning some Blackbaud customers who had additional data included in the ransomware attack.

Blackbaud have assured us that the University of Glasgow is not one of the customers affected by this.

You can read more about Blackbaud’s response to this breach here: Blackbaud Security Incident.

5th October 2020

Blackbaud Security Incident

The University has been affected by a data security incident with a third-party service provider, Blackbaud, one of the world’s largest providers of customer relationship management systems for charities and the higher education sector. The University was one of a significant number of higher education and non-profit organisations affected in the UK and in other countries.

We would like to assure alumni, donors and other contacts that since we were made aware (on 16th July) of this incident, we have been investigating exactly what happened and working with Blackbaud to identify and give accurate information to those who may have been affected.

There is no need for further action on the part of alumni or donors at this time other than the usual vigilance for anything unusual relating to personal data.

The system affected manages some of our web content and email messaging for alumni, donors, and other contacts of the University. We have been told the information involved in the incident includes:-

  • Biographical Information such as name, title, date of birth, and former Student ID
  • Postal address, phone numbers and email address
  • Business Information such as job title and employer
  • University Qualifications
  • Non-Financial Gift-related Information such as gift amount, projects supported and gift aid opt-in
  • Event Booking information such as dietary and access requirements

Blackbaud have assured us that their detailed investigation found no encrypted information, such as bank account details, credit card data, or passwords, was included.

The University has launched its own investigation and has contacted directly those who may have been affected.

The University has also informed the Information Commissioner’s Office (ICO) of the breach and is awaiting further guidance.

We deeply regret the worry and inconvenience that this incident may have caused.

Please check back here for updates on how we are responding to this issue, including our response to any recommendations from Blackbaud, the ICO or regulatory authorities.

For enquiries please email blackbaud-response@glasgow.ac.uk.