The names, emails and home addresses of former students at the University of Lincoln were stolen by hackers in a “ransomware” attack.
The breach was discovered by cloud software company Blackbaud, who informed the university about the attack on its system on July 16. It was referred to the Information Commissioners Office and an investigation is underway.
A ransomware attack is where cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. The attack happened some time between February 7 and May 20, 2020 and the university has since written to the former students to apologise.
Blackbaud confirmed that the breach did not involve any bank account or bank/credit card information. The cybercriminal did not gain access to usernames or passwords because these are encrypted.
The compromised file contained information submitted through the university’s NetCommunity system, which is used to administer parts of its online alumni network.
It may have included certain details administered through the system, such as first name, surname, date of birth, address and email. It may also have contained information on current employment, course studied and year of graduation.
A university of Lincoln spokesperson said: “We were one of a large number of universities and charities affected by this data security incident involving a major third party company, Blackbaud.
“We are immensely proud of our alumni community and apologise for any distress caused by this incident.”
Blackbaud said it discovered and stopped a ransomware attack in May and its Cyber Security team, along with independent forensic experts and law enforcement, successfully prevented the cyber criminal from blocking its system access and fully encrypting files. It expelled the cyber criminal from its system.