The University of York used a customer management system of the American company Blackbaud.
The data which the criminals managed to collect, included personal data of "graduates, staff, students and extensive networks and supporters". Phone numbers and addresses were also leaked e-mail, while it is believed that hundreds of people have been affected.
The secretary of the University of York, Jo Horsburgh addressed to victims of the violation, urges them to "remain vigilant and immediately report any suspicious activity or suspicion of identity theft."
He writes: "We are very sorry for the inconvenience this may have caused you infringement data from Blackbaud. "
According to Blackbaud, "there is no encrypted information, such as bank account information or passwords" or credit card information in the stolen data.
The items included in the list of stolen data are:
- personal information such as name, title, gender, date of birth and student number
- addresses and contact details, e.g. phone, email and LinkedIn profile URL
- training details
- records of alumni activities and fundraising, including participation, donations and any other interactions
- professional details, e.g. the profession in which they work and the employer
- information on the interests of people taking part in university research
Blackbaud had been forced to pay the ransom demanded and "then received assurances from the criminal that the data had been destroyed".
The university, for its part, has launched its own investigation into the incident. He has also updated the Office of the Information Commissioner (ICO) for the infringement and awaits further guidance.