Trent University staff, faculty, alumni, donors, and external contacts may have had their information compromised, after a recent cybersecurity attack was launched on a third-party customer relationship service affiliated with the university.
On Wednesday, an email was sent to 38,000 people affiliated with the institution, informing them that information such as their name, address, date of birth, contact details, list of donations, or communications related to event participation and volunteering may have been copied by a cyber criminal during a ransomware attack.
A ransomware attack is a form of malicious software used to copy and encrypt a victim’s files, then hold them hostage until a ransom is paid.
In Wednesday’s email, the university said Blackbaud had confirmed to them that an investigation involving law enforcement found that no encrypted information — such as bank account details, credit cards, social security numbers or passwords — was accessed.
“We’ve decided that it is important we let people know, even though no financial information or passwords were accessed.”
Davis said the university is unsure how many people may have been compromised. However, she said a lot of the information copied by the cyber criminal “is public information anyway.”
On Thursday, Blackbaud declined to conduct an interview with Global News Peterborough.
“To respect the privacy of our customers, we cannot provide the names of those who were part of this incident nor can we discuss any customer specifically,” a representative from Blackbaud told Global Peterborough in an email on Thursday.
“Those customers which were part of this incident have been notified. ”
According to Blackbaud’s website, the company paid the cyber criminal the ransom, in exchange for confirmation that the information the criminal copied had been destroyed.
The website also says that, according to research and law enforcement investigations, the company has “no reason to believe” that any data will be misused or disseminated or otherwise made available publicly.
Davis said Trent University has worked with Blackbaud for 10 years now, and there hasn’t been a previous issue with the company throughout that time.
The university is asking those who’ve received the email to “remain vigilant” and report any suspicious activity or suspected identity theft to law enforcement.