In 2020, over 100 educational, charitable, and third-sector organisations had their data stolen following a breach at Blackbaud. This page explains how the data breach happened, the facts of the case, and the consequences for the affected victims.
In 2020, over 100 educational, charitable, and third-sector organisations had their data stolen following a breach at Blackbaud.
Several UK universities were involved in this global privacy violation. Alumni and supporters of the various universities were amongst those that had their data breached.
The National Trust also confirmed that data about its volunteering and fundraising communities was compromised. Its 5.6 million members are not thought to be at risk, although volunteers and applicants for the National Trust’s volunteer program could have been compromised.
The breach happened when Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals in a devastating cyber-attack. The hackers demanded a ransom in exchange for deleting the data, which Blackbaud paid.
Blackbaud took weeks to warn people that their data had been stolen. This left victims of the hack at risk of further attacks as they did not realise their data was in the hands of criminals, and that they needed to be extra vigilant.
Furthermore, despite initially claiming that financial data had not been stolen, Blackbaud later admitted that bank account information and users’ passwords were among details feared accessed by hackers (although not everyone will have had their financial details compromised).
According to the BBC, as of October 2020, the Blackbaud data breach had impacted at least 166 organisations.
Heriot-Watt University
Hughes Hall College, Cambridge
University of Kent
King’s College London
University of Liverpool
St John’s College, Cambridge
Staffordshire University
University of Sussex
University of West London
Northumbria University
University of Glasgow
Heriot-Watt University
Hughes Hall College, Cambridge
University of Kent
King’s College London
University of Liverpool
St John’s College, Cambridge
Staffordshire University
University of Sussex
University of West London
Northumbria University
Loughborough University
University of Leeds
University of London
University of Reading
University College, Oxford
University of Aberdeen
Birmingham City University
Brunel University
University of Durham
Brasenose College, Oxford
Sheffield Hallam University
Magdalene College, Cambridge
University of Manchester
Edinburgh Napier
University of Newcastle
University of Northampton
Robert Gordon University
Selwyn College, Cambridge
University of South Wales
Somerville College, Oxford
University of Oxford
Including The National Trust, Young Minds, Action on Addiction, Breast Cancer Now, the Choir with No Name, Maccabi GB, Sue Ryder, the Urology Foundation and the Wallich.
Blackbaud has confirmed that donator names, email addresses, phone numbers, and donation amounts were stolen in the Labour Party data breach.
The Blackbaud data breach happened when the software company experienced a cyberattack in May 2020. As a result of the hack, the personal data of millions of people may have been stolen.
The information accessed depends on the institution involved. According to the BBC this could include:
Blackbaud has also admitted that bank account information was among the details feared accessed by hackers. Although not everyone will have had their financial details compromised.
If your details were accessed in the Blackbaud data hack, you should have been informed.
The affected educational institutions included:
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
