Ransom paid to hackers who stole data from at least six UK universities

University of Leeds - bojangles/Alamy

At least seven universities in the UK and Canada have been hit by a cyberattack, which saw alumni records and contact information for students and staff stolen by hackers.

Administration software provider Blackbaud had informed universities of the ransomware attack last Thursday, two months after it took place, with the University of York confirming this week that it was one of the institutions affected.

However, it had been unclear how many other universities were also hit. Today, it emerged that the University of London, the University of Reading, University of Loughborough, Oxford Brookes University and Leeds University were among the institutions whose data was compromised in the attack, in news first reported by the BBC.

The Rhode Island School of Design in the US, Ambrose University in Alberta, Canada, as well as Human Rights Watch and the charity Young Minds also fell victim.

Some universities, such as Loughborough, only saw alumni data stolen. Universities were sending emails out to staff, students and alumni this week apologising for the breach.

The attack, which took place in May but only emerged this month, has prompted privacy concerns given Blackbaud said hackers had copied a subset of data from its systems.

In a statement on its site, Blackbaud said it had stopped the hackers from blocking access to its system and encrypting the files. It paid the cybercriminals a ransom to delete the data, and said it had received confirmation that the copy had been destroyed.

The hackers’ menu

The data included donation history, contact information and dates of birth. It is not thought that bank account details, credit card details or passwords were taken.

Ilia Kolochenko, from web security company ImmuniWeb, said: “For cybercriminals, ransomware has become a reliable, riskless and highly profitable way to make easy money. It is virtually impossible to know though, let alone legally ensure, that they honor their promises even after being paid.

“Cyber gangs now use ameliorated tactics to extort payments from their victims by threatening to release stolen information. This works well as, even if the ransomware malware is stopped in a timely manner, like in this case, the cybercriminals never lose.”