Blackbaud Data Incident

 

Recently the College was informed about a data security incident involving Blackbaud, a data processor for the College.  This incident has affected a number of higher education institutions in the UK and abroad that use Blackbaud’s industry standard services.  In the College’s case the incident would appear to have a minimal to no likelihood of harm and there is no need for alumni and friends to take any action.  

 

What happened? 

Blackbaud discovered and stopped a ransomware attack.  Prior to Blackbaud stopping the attack, the perpetrator had removed a copy of a subset of back-up data from Blackbaud’s self-hosted environment. Blackbaud has received confirmation that the copy has been destroyed.  The back-up file included names, matriculation year/affiliation, contact details (emails and addresses) and details you may have added when registering for an event or making a donation. The perpetrator did not access any credit, debit card, or bank account details. 

What is being done? 

Blackbaud has informed us that it has conducted its own investigation into the incident and has involved law enforcement agencies.  The College has voluntarily informed the Information Commissioner’s Office (ICO) about the incident as a precaution in relation to its reporting duties only (as there is a minimal to no likelihood of harm) and is working closely with Blackbaud to prevent this from happening again.  

 

Clare recognises that incidents of this nature can cause a great deal of concern.  Please do not hesitate to get in touch with us at development@clare.cam.ac.uk if you have any questions.  For more information on the College’s data protection see our Data Protection Policy.

 

What do you need to do?

In accordance with best practice please continue to remain alert to any potential misuse of your data and report any instances to the Information Commissioner’s Office.  Always be careful not to disclose financial information or passwords to anyone over email.  

 

We are disappointed that this has happened and we want to assure you that we take data protection seriously and are sorry for any inconvenience this may have caused.  We are sincerely grateful for your continued support.  

 

30th July 2020

 

//]]>