Personal details of alumni at two Aberdeen universities have been compromised following a data hack.
Aberdeen University and Robert Gordon University were two of a number of educational institutes around the world that was affected by a data breach.
Blackbaud, a third-party supplier of alumni relations database and customer relationship management systems discovered a ransomware attack in May, where a cybercriminal removed data from its backup server at some point between February 7 and May 20.
Aberdeen University was informed on July 16 of the attack, with alumni contacted on Friday afternoon.
It is understood data related to alumni was taken, including personal information such as name, gender, date of birth and familial relationships, including contact details such as postal addresses, email addresses, telephone numbers and educational details such as degree subject and year of graduation.
It may have also contained details regarding current and previous employment and engagement with the university after graduation.
Blackbaud said it has been working with third parties including law enforcement on the issue, and also paid a ransom to ensure the data obtained was not shared any further and destroyed.
Keep up to date with the latest news with The Evening Express newsletter
An Aberdeen University spokesman said: “We can confirm that data belonging to the University of Aberdeen and its fundraising arm the University of Aberdeen Development Trust, and held by our third-party provider Blackbaud, has been affected by a recent data breach. A significant number of other organisations have been affected by this breach.
“We have reported this incident to the Information Commissioner’s Office in keeping with our open and transparent approach to these matters.
“While at this stage there is no indication that anyone has been adversely affected, we are contacting all those whose details were held by Blackbaud in order to provide advice on protective steps they may wish to take.
“As soon as we were alerted to the situation, we launched our own investigation, and we will also shortly begin a thorough review of our arrangement with Blackbaud in light of this breach.”
Robert Gordon University contacted its alumni yesterday about the breach.
In an email sent to those affected, it said it had carried out an extensive investigation however it was determined the type of data involved from the university did not pose a data protection risk to alumni.
It has also said it would review its ongoing association with Blackbaud in light of the incident.
A spokeswoman for Robert Gordon University (RGU), said: “Robert Gordon University can confirm that we, like many other organisations, have been affected by the data security incident experienced by Blackbaud.
“As soon as we were notified by Blackbaud we carried out an extensive investigation and determined that that the type of data affected from the university does not pose a data protection risk to those involved. However, RGU takes its information governance responsibilities seriously and we will review our ongoing association with Blackbaud in light of this incident.”
A statement from Blackbaud said: “To respect the privacy of our customers, we cannot provide the names of those who were part of this incident nor can we discuss any customer specifically. Those customers which were part of this incident have been notified.”
It added that it has “no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
“We apologise that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”