This notice is to inform you of a data security incident experienced by Blackbaud, a third-party service provider to Stonyhurst. On Thursday 16th July, we were contacted by Blackbaud. They are one of the world’s largest providers of customer relationship management systems used by the Independent Schools sector. They informed us that they had been the victim of a ransomware attack in May 2020. A cybercriminal was able to remove a copy of a subset of data from a number of their clients, including schools across the UK. For us, the data breach is linked to a copy of our backup file held by Blackbaud.
What information was involved?
The data accessed illegally may have contained some of the following information:
- Basic details (e.g. name, title, gender, date of birth); and
- Addresses and contact details (e.g. phone, email)
How have Blackbaud responded to the situation?
A detailed forensic investigation was undertaken by Blackbaud. They have advised us that they paid the ransom and hired cyber security experts who have found no evidence that any information was released.
We take the protection of data very seriously.
- We are informing you, so that you are aware of this breach of Blackbaud’s systems and can remain vigilant;
- Blackbaud have informed the Information Commissioner’s Office (ICO) of the breach and we are awaiting further guidance;
- We are working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security.
What should you do?
There is no need for you to take any action at this time. As best practice, we would recommend that you remain vigilant and practise the usual caution around suspicious emails and letters.