Blackbaud data security incident
A statement from City, University of London on the Blackbaud data security incident
On Thursday, 16th July 2020, City was made aware of a security incident involving one of our third-party service providers, Blackbaud. Blackbaud is one of the world's largest providers of customer relationship management systems for the higher education and not-for-profit sectors and hosts an alumni database for City.
After completing its investigation and analysis of the incident, Blackbaud notified City and other clients on 16th July that in May, the company had discovered and subsequently stopped a ransomware attack on its systems. City, University of London, was one of several universities and other organisations affected by the incident.
Upon notification, City immediately launched an internal investigation and notified the Information Commissioner (ICO) on Friday, 17th July while obtaining further information from Blackbaud. Once we had sufficient information, we immediately notified all affected stakeholders to advise that their data had been impacted by the incident.
City has received assurance from Blackbaud that, based on the nature of the incident, the company’s research and investigation by third parties (including law enforcement), Blackbaud has no reason to believe any data were or will be misused, or will be disseminated or otherwise made available publicly.
City understands that it may cause concern and distress to learn that criminal activity against one of our long-term and trusted service providers has impacted the personal data of alumni and supporters. We take data security seriously and have responded to this incident quickly and decisively. We continue to work closely with the ICO and with Blackbaud to ensure that our data remain secure.
- Please see here to read FAQs about the incident.
- For questions about this incident in relation to alumni services, please contact City’s Alumni Relations team on firstname.lastname@example.org.
- City’s data protection team can be contacted at email@example.com. You can raise any concerns about the handling of your personal data with us or, if you are dissatisfied with how we have responded to this incident, you can contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or by calling 0303 123 1113. For further information please check the ICO’s website at www.ico.org.uk.