Advertisement

Data of Trent University alumni, faculty may have been copied during cybersecurity attack

On Wednesday, an email was sent to 38,000 people affiliated with the institution, informing them that information such as their name, and date of birth, may have been copied by a cyber criminal. File

Trent University staff, faculty, alumni, donors, and external contacts may have had their information compromised, after a recent cybersecurity attack was launched on a third-party customer relationship service affiliated with the university.

On Wednesday, an email was sent to 38,000 people affiliated with the institution, informing them that information such as their name, address, date of birth,  contact details,  list of donations, or  communications related to event participation and volunteering may have been copied by a cyber criminal during a ransomware attack.

Read more: CAMH, Western among Canadian orgs affected by ransomware attack on Blackbaud

A ransomware attack is a form of malicious software used to copy and encrypt a victim’s files, then hold them hostage until a ransom is paid.

The attack was launched on the software solutions company Blackbaud in May. The supplier hosts Trent’s donor and alumni database.

Story continues below advertisement

In Wednesday’s email, the university said Blackbaud had confirmed to them that an investigation involving law enforcement found that no encrypted information — such as bank account details, credit cards, social security numbers or passwords — was accessed.

“We’ve spent alot of time with [Blackbaud],” said Julie Davis, VP of External Relations and Advancement at Trent University, on Thursday.

“We’ve decided that it is important we let people know, even though no financial information or passwords were accessed.”

Davis said the university is unsure how many people may have been compromised. However, she said a lot of the information copied by the cyber criminal “is public information anyway.”

On Thursday, Blackbaud declined to conduct an interview with Global News Peterborough.

“To respect the privacy of our customers, we cannot provide the names of those who were part of this incident nor can we discuss any customer specifically,” a representative from Blackbaud told Global Peterborough in an email on Thursday.

“Those customers which were part of this incident have been notified. ”

According to Blackbaud’s website, the company paid the cyber criminal the ransom, in exchange for confirmation that the information the criminal copied had been destroyed.

The website also says that, according to research and law enforcement investigations, the company has “no reason to believe” that any data will be misused or disseminated or otherwise made available publicly.

Story continues below advertisement

Davis said Trent University has worked with Blackbaud for 10 years now, and there hasn’t been a previous issue with the company throughout that time.

The university is asking those who’ve received the email to “remain vigilant” and report any suspicious activity or suspected identity theft to law enforcement.

Click to play video 'U.S. charges Chinese hackers accused of targeting COVID-19 vaccine research' U.S. charges Chinese hackers accused of targeting COVID-19 vaccine research
U.S. charges Chinese hackers accused of targeting COVID-19 vaccine research – Jul 21, 2020