Utrecht University’s data security breach at supplier Blackbaud

Photo by Thomas Lefebvre on Unsplash

Last updated 1 month ago by Michael Darmanin

Blackbaud, the world’s largest supplier of Customer Relation Management systems (CRM) for education institutions, has informed Utrecht University about a data security breach. This breach has affected a large number of educational institutions worldwide.

Utrecht University uses Blackbaud to register information about their students, alumni, donors and relations. After Utrecht University received the information from Blackbaud, the university started to do their own research in order to better understand the extent of the security breach.

The cyber attack on Blackbaud happened between the 7th of February and 20th of May according to Blackbaud. Unauthorized persons were able to get access to an outdated database of Utrecht University. After discovering what happened they informed Utrecht University on the 16th of July.

The hackers have not given away the data but have destroyed it. In recent weeks, Utrecht University has kept close contact with Blackbaud’s management to get a better understanding which data was involved.    

Ransomware attack gave hackers access to old back up from 2017

In the case of Utrecht University the data that the hackers gained was an old back up from 2017. The Blackbaud server archived that in the past; the data included information about alumni, donors and business contacts. The hackers could not gain access to bank card details and passwords because they were encrypted.

Educational Institutions and foundations worldwide affected by the cyber attack

The Utrecht University were not the only ones affected by the data breach. It is known that a number of well known educational institutions have encountered that same issues; specifically ones that made use of Blackbaud’s CRM systems.

The following steps will be taken by the Utrecht University from 16th July onward:

  • Keep closer contact with Blackbaud’s management.
  • Evaluation of the university’s cooperation with Blackbaud and any follow-up steps that should be taken.

Specifically, the Utrecht University wants to know:

  • Why does UU have outdated backup on Blackbaud’s server?
  • What was the cause of the delay between the cyber attack and Blackbaud’s notification to the UU?
  • What can be done to improve the security systems?
  • Is re-organization of the internal CRM database at the university necessary to prevent another breach?

Blackbaud will send the necessary information to the UU so that they can notify those who have been affected by the breach. Those who graduated after April 2017 have not been affected. There is no need for any action to be taken by anyone else at the UU. The UU has asked to always be alert of any suspicious messages or transactions and to only open answer emails from reliable sources. Kindly report any suspicious situations to the Computer Emergency Response Team of the Utrecht University via cert@uu.nl.

Source: Utrecht University

Share this:

About the Author

Sarah Chebaro

Sarah Chebaro

Sarah Chebaro is an Architect/Graphic designer who graduated with a MSc from TU Delft. She realized she wants to delve into the Journalism world and is now pursuing that part of the creative field. She is a traveler and enjoys to start conversations to allow people to explore certain subjects that they do not normally think about. She is an athlete wanting to inspire people to get their goals and aspires to spread the truth about what is happening around us.

Did you enjoy this article? Like us on Facebook or send us a message!

Leave a Reply

Your email address will not be published. Required fields are marked *