27/07/2020
Statement concerning Blackbaud data incident
On July 16th ACS was informed by Blackbaud – a trusted, leading global software provider to educational institutions, non-profit organisations and corporations – that Blackbaud had been the victim of a ransomware attack on its systems in May.
Blackbaud reported that the incident involved a cybercriminal removing a copy of a subset of data and demanding a ransom for its return or confirmation of its destruction. Blackbaud paid the ransom demanded by the cybercriminal once it had received credible confirmation that the data was destroyed. Blackbaud has confirmed that no credit card or bank account information was in the compromised data subset. Please read the Blackbaud statement about the incident here
Although we have received no evidence that any ACS data was compromised by this incident, ACS is a client of Blackbaud and uses it services to support our communication with our alumni and friends internationally. However, ACS does not provide Blackbaud with any alumni financial data or Social Security/National Insurance numbers. Personal details including names of alumni and contact information such as e-mail addresses are processed by Blackbaud on ACS’s behalf.
ACS takes data protection extremely seriously and maintains a data protection office that liaises with all departments at all times. We have been in contact with the UK data protection regulator over this incident and are reviewing our data protection practices, which we believe remain sound and safe. All evidence points to the risk of any incident of ACS alumni data being very low. The UK data protection regulator, ICO, has confirmed it agrees with ACS’ and Blackbaud’s assessment and has stated the incident deems low threat to our alumni’s and friends’ information.
This remains an ongoing situation and we are following Blackbaud’s and the ICO’s information and guidance closely. We will publish any developments as they become apparent. If you have any queries about this incident, please feel free to contact our data protection officer, Dr. Richard Harrold at [email protected] or our Alumni Relations Office at [email protected]