Blackbaud Data Breach

THIS ACTION IS NOW CLOSED

In 2020, over 100 educational, charitable, and third-sector organisations had their data stolen following a breach at Blackbaud. This page explains how the data breach happened, the facts of the case, and the consequences for the affected victims.  

What happened in the Blackbaud data breach?

Several UK universities were involved in this global privacy violation. Alumni and supporters of the various universities were among those whose data was breached.

The National Trust also confirmed that data about its volunteering and fundraising communities was compromised. Its 5.6 million members are not thought to be at risk, although volunteers and applicants for the National Trust’s volunteer program could have been compromised.

The breach happened when Blackbaud – a firm that provides administration, fundraising, and financial management software – was targeted by cybercriminals in a devastating cyber-attack. The hackers demanded a ransom in exchange for deleting the data, which Blackbaud paid.

Blackbaud took weeks to warn people that their data had been stolen. This left victims of the hack at risk of further attacks as they did not realise their data was in the hands of criminals, and that they needed to be extra vigilant. 

Furthermore, despite initially claiming that financial data had not been stolen, Blackbaud later admitted that bank account information and users’ passwords were among the details feared to have been accessed by hackers (although not everyone will have had their financial details compromised).

According to the BBC, as of October 2020, the Blackbaud data breach had impacted at least 166 organisations.

The affected institutions included:

UK Universities

Heriot-Watt University

Hughes Hall College, Cambridge

University of Kent

King’s College London

University of Liverpool

St John’s College, Cambridge

Staffordshire University

University of Sussex

University of West London

Northumbria University

University of Glasgow

 

Loughborough University

 

University of Leeds

University of London

University of Reading

University College, Oxford

University of Aberdeen

Birmingham City University

Brunel University 

University of Durham 

Brasenose College, Oxford

Sheffield Hallam University

Magdalene College, Cambridge

University of Manchester

Edinburgh Napier

University of Newcastle

University of Northampton

Robert Gordon University

Selwyn College, Cambridge

University of South Wales

Somerville College, Oxford

University of Oxford

Charities

Including The National Trust, Young Minds, Action on Addiction, Breast Cancer Now, the Choir with No Name, Maccabi GB, Sue Ryder, the Urology Foundation and the Wallich.

The Labour Party

Blackbaud has confirmed that donor names, email addresses, phone numbers, and donation amounts were stolen in the Labour Party data breach.

Blackbaud Data Breach Timeline

  • 14 May 2020
    Blackbaud becomes aware that it has been targeted by hackers.
  • 16 July 2020
    Blackbaud begins telling users of a system breach.
  • 24 July 2020
    More than 20 universities and charities in the UK, US and Canada confirm they are victims of the Blackbaud cyber-attack.
  • October 2020
    Reports emerge that financial data was included in this breach.
  • September 2021
    The ICO issues a reprimand to Blackbaud for breaking data protection law.

Your questions answered

See our answers to the FAQs we get asked about the Blackbaud data breach.

The Blackbaud data breach happened when the software company experienced a cyberattack in May 2020. As a result of the hack, the personal data of millions of people may have been stolen. 

The information accessed depends on the institution involved. According to the BBC, this could include:

  • Personal data such as names, ages, and addresses
  • Passwords
  • Car licence details
  • Employer information
  • Donor info including:
    • estimated wealth and identified assets
    • total number and value of past donations to the organisation in question
    • wider history of philanthropic and political gifts
    • spouses’ identity and past gift-giving
    • likelihood to make a bequest triggered by their death

Blackbaud has also admitted that bank account information was among the details feared to have been accessed by hackers, although not everyone will have had their financial details compromised.

If your details were accessed in the Blackbaud data hack, you should have been informed. 

The affected educational institutions included:

  • ACS International Schools
  • Radley College
  • St Albans School, Hertfordshire
  • Stonyhurst College
  • University of Aberdeen
  • Aberystwyth University
  • University of Birmingham
  • Birmingham City University
  • Brasenose College, Oxford
  • University of Bristol
  • Brunel University, London
  • Cumbria University
  • De Montfort University
  • University of Durham
  • University of East Anglia
  • University of Exeter
  • St Aloysius’ College
  • University of Glasgow
  • Goodenough College
  • Sheffield Hallam University
  • Heriot-Watt University
  • Hughes Hall College, Cambridge
  • University of Kent
  • King’s College London
  • University of Leeds
  • University of Liverpool
  • University of London
  • Loughborough University
  • Magdalene College, Cambridge
  • University of Manchester
  • Edinburgh Napier
  • University of Newcastle
  • University of Northampton
  • Oxford Brookes University
  • University of Reading
  • Robert Gordon University
  • Selwyn College, Cambridge
  • University of South Wales
  • St John’s College, Cambridge
  • Staffordshire University
  • University of Strathclyde
  • University of Sussex
  • University College, Oxford
  • University of West London
  • University of York
  • Northumbria University
  • Somerville College, Oxford
  • University of Oxford