Data stolen in university ransomware attack

At least seven British higher education institutions have been targeted in a global ransomware attack on education cloud computing provider Blackbaud.

According to the company, student and alumni data was stolen in the attack, which took place in May this year. However, the firm has confirmed that no bank account details, credit card details or social security numbers were stolen.

Universities targeted in the attack include the University of York, the University of Leeds, Loughborough University and the University of Reading. Also targeted by the hackers were the University of Manchester, Oxford Brookes University, University College in Oxford and the University of London.

Blackbaud is based in South Carolina and is one of the world's leading providers of education, administration fund-raising and financial management software. A representative from the company confirmed in a statement that it had paid a ransom to hackers in order to prevent any misuse of the data stolen.

"Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed," the company said.

"Based on the nature of the incident, our research and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly."

Commenting on the attack, the University of York added that it had launched its own investigation into the incident. A spokesperson confirmed that the institution was "working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security."