Blackbaud Security Incident

Important Information from Newcastle University: Blackbaud

From Newcastle University Advancement

Dear Alumni Community,

We were recently made aware of a security incident involving our third-party service provider, Blackbaud. You are a valued member of Newcastle University’s community and your data security is always our priority, so we are contacting you as it is likely some of your personal information was involved.

The data taken does not include bank details, financial information or password data, and you need take no specific action at this stage, but remain vigilant and report any suspicious activity to police or other law enforcement authorities. However, in an abundance of caution, we are taking steps to notify anyone whose data was part of this attack. Blackbaud is one of the world's largest providers of customer relationship management systems for the higher education and not-for-profit sectors.

Newcastle and many other universities have been affected by this incident, in which Blackbaud’s systems were hacked and personal information relating to our alumni and other members of our community was accessed. The University takes its approach to data security very seriously and we have initiated a security review which will assess and respond to this issue, taking any steps required to avoid future exposure to such attacks.

What happened?

Blackbaud is a global software supplier and we use its cloud-based software as a service to manage relationships with our alumni and the wider Newcastle University community. We were notified on 16th July 2020 that Blackbaud had been subject to a ransomware attack, which it believes was carried out between February and May 2020.

During this attack, a sub-set of data belonging to a number of organisations, including Newcastle University and other UK universities, was copied. We have been advised that no bank details, credit card or password details were taken; the data accessed relates to names and contact details for alumni, donors, and other stakeholders.

We have been assured that no card or bank details were involved in the breach, but details of donation dates and amounts given are recorded on the platform.

Blackbaud has stated that it paid a ransom in order to receive confirmation that the copied data had been destroyed, and it is Blackbaud’s belief that no further use has been or will be made of that data. Blackbaud reported the incident to relevant law enforcement agencies and to the information regulators in the countries in which its customers operate.

What we are doing

The University is managing this incident in accordance with its data security procedures and we have written to the Information Commissioner’s Office (ICO) to notify them of this incident. Colleagues from across the University are working with Blackbaud to assess and minimise the impact of this incident, as well as working to avoid future exposure.

As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents.

What do you need to do?

At this stage you need take no specific action, but remain vigilant and report any suspicious activity to police or other law enforcement authorities.

We apologise for any inconvenience or concern caused as a result of this incident. If you have any questions or would like to speak to us about this, please contact us at nrecman@ncl.ac.uk.

John Hogan
Registrar