Blackbaud is the supplier of CRM systems for educational institutions and organisations in the non-profit sector. Numerous educational institutions around the world have been affected by the hack that happened between 7 February and 20 May. In the case of TU Delft, the successful ransomware attack has meant that the criminals gained access to an old back-up from the beginning of 2017 that was still in the Blackbaud environment.
According to a TU Delft press release, the company has announced that the back-up in question containing the data was destroyed by the hackers and has stated that there is no reason to suspect that the data has been shared by them.
‘We are reconsidering working with this company’
Blackbaud informed TU Delft of the hack months after it happened. More than late. TU Delft press spokesperson Karen Collet said that TU Delft has asked for an explanation. “We want to know the reason for the delay between the cyber attack and Blackbaud informing us. We also want to know what the company is doing to improve the security of its systems and why there was an old back-up in its system. We are understandably shocked and we are reconsidering working with the company. But first we need to know exactly what happened.”
At Utrecht University, the personal data of donors and contacts also fell into the hands of the hackers. These details even contained bank details, though they were encrypted.
TU Delft recently started storing the data of donors and their donations on Blackbaud’s CRM software. This information is more sensitive than names and addresses. “That data is encrypted too,” says Collet.
Update August 17: Utrecht University now also warns that tax payers information numbers were stolen from six thousand of their alumni. The university was not allowed to store these data in the first place. It did so by accident, the university says.
Comments are closed.