Sheffield Hallam University Confirms Blackbaud-Linked Data Breach

Sheffield Hallam University has confirmed that it is dealing with a data breach linked to the software provider Blackbaud.

University secretary Michaela Boryslawskyj said in an email to members of its community that it was notified by Blackbaud that Sheffield Hallam and a number of other universities had been affected by the incident. As detailed in the Sheffield Star, the email said Blackbaud’s systems were hacked and personal information relating to its alumni and other members of the community were stolen on Thursday July 16 2020.

“The data taken does not include bank details, financial information or sensitive personal data; and you do not have to take any direct action in relation to this incident at this stage,” Boryslawskyj said. “However, the university takes its approach to data security very seriously and we have established a full incident response group to review and respond to this issue. More information on the incident is included in this email.”

Sheffield Hallam University also believed the “names and contact details for alumni, donors and other stakeholders” were taken during the cyber-attack, and the university is managing the incident in accordance with its data security procedures.

“We sincerely apologize for any distress that this data security breach by Blackbaud may cause,” Boryslawskyj said. “The university takes data protection very seriously and we regret any inconvenience caused by this incident.”

Blackbaud, one of the world’s largest providers of education administration, fundraising and financial management software said in a statement that it “discovered and stopped a ransomware attack” in May 2020, however the attacker was able to remove a copy of a subset of data from Blackbaud’s self-hosted environment. Blackbaud did not disclose the incident until universities began to investigate incidents in the last few weeks.

Jonathan Knudsen, senior security strategist at Synopsys, said: “The aftershocks from the Blackbaud compromise continue to ripple outward, causing heartburn, financial damage and reputational damage in equal parts.

“The Blackbaud incident shows that managing software risk has a larger scope than just one organization. The software security deficiencies of partner or supplier organizations become your own problems when you depend upon them for delivering products or services. Correctly managing software and business risk encompasses managing risk from external vendors. It is easy to take software for granted as just part of doing business, but it is crucial to understand that the software we all use is itself a significant source of risk and must be managed just like any other business risk.”

Rufus Grig, CSO at Maintel, said the breach should act as a reminder to universities that they remain strong targets for hackers, due to the huge amounts of high-value personal and financial data they hold. “With more and more students now connecting remotely from all over the world, unless universities stay on top of their cybersecurity, breaches will become increasingly common,” Grig added.

“In addition, as IT infrastructure is gradually moved to the cloud, organizations must ensure how they transfer data is secure and that its stored safely.”

What’s Hot on Infosecurity Magazine?