Trent University staff, faculty, alumni, donors, and external contacts may have had their information compromised, after a recent cybersecurity attack was launched on a third-party customer relationship service affiliated with the university.
On Wednesday, an email was sent to 38,000 people affiliated with the institution, informing them that information such as their name, address, date of birth, contact details, list of donations, or communications related to event participation and volunteering may have been copied by a cyber criminal during a ransomware attack.
A ransomware attack is a form of malicious software used to copy and encrypt a victim’s files, then hold them hostage until a ransom is paid.
The attack was launched on the software solutions company Blackbaud in May. The supplier hosts Trent’s donor and alumni database.
In Wednesday’s email, the university said Blackbaud had confirmed to them that an investigation involving law enforcement found that no encrypted information — such as bank account details, credit cards, social security numbers or passwords — was accessed.
“We’ve decided that it is important we let people know, even though no financial information or passwords were accessed.”
Davis said the university is unsure how many people may have been compromised. However, she said a lot of the information copied by the cyber criminal “is public information anyway.”
- CRA to roll out new automatic tax filing system. Here’s what to know
- Canada hopes to boost regulation on natural health products. Here’s why
- Vatican formally renounces Discovery Doctrine after decades of Indigenous demands
- ‘There were failures’: N.S. shooting inquiry report slams RCMP response to 2020 tragedy
On Thursday, Blackbaud declined to conduct an interview with Global News Peterborough.
“To respect the privacy of our customers, we cannot provide the names of those who were part of this incident nor can we discuss any customer specifically,” a representative from Blackbaud told Global Peterborough in an email on Thursday.
“Those customers which were part of this incident have been notified. ”
According to Blackbaud’s website, the company paid the cyber criminal the ransom, in exchange for confirmation that the information the criminal copied had been destroyed.
The website also says that, according to research and law enforcement investigations, the company has “no reason to believe” that any data will be misused or disseminated or otherwise made available publicly.
Davis said Trent University has worked with Blackbaud for 10 years now, and there hasn’t been a previous issue with the company throughout that time.
The university is asking those who’ve received the email to “remain vigilant” and report any suspicious activity or suspected identity theft to law enforcement.