College was “not affected” by a cyber attack that occurred on Blackbaud Inc, a company which is used to manage databases of contacts for several universities.
A number of National University of Ireland Galway (NUI Galway) alumni were told that their information was affected by the attack, with an email on Wednesday from the Galway University Foundation notifying those who had been affected.
Speaking to Trinity News this evening, a college spokesperson stated: “We have been informed by Blackbaud that their recent data breach did not impact Trinity’s data in any way and that no Trinity College Dublin alumni data was affected.”
“This particular attack targeted a small number of their clients who were storing their data in a Blackbaud self-hosted environment,” the spokesperson continued. “Trinity data is stored in a separate Microsoft Azure cloud storage facility, which has the highest security protocols in place to deter these type of attacks.”
They added: “We continue to monitor the situation and Blackbaud’s investigation and response closely as the security of our data is of paramount importance.”
Personal information by NUI Galway’s database was breached in the cyber attack, which targeted the university’s funding foundation database. Reportedly, no credit card or bank details were breached in the cyber-attack.
In the email to those affected by the hack, the Finance Director of the Galway University Foundation said there was a “limited amount” of their personal information that was breached.
The email said: “At this time, we understand Blackbaud discovered and stopped a ransomware attack. This incident has affected several universities and other Blackbaud not-for-profit clients internationally.”
Blackbaud Inc stopped the cyber attack by stopping the hacker from shutting down its system, and locked the hacker out. Before the hacker was locked out of the database, they secured a backup file of personal information, which included a “subset of NUI Galway” data.
Blackbaud determined that the file that was removed may have contained names, contact information such as email addresses, telephone numbers and mailing addresses, as well as a history of the alumni and “supporters relationships” within the organisation.
Blackbaud Inc has reportedly “paid off” the cybercriminal to destroy their copy of the data stolen in the hack.
Speaking to the Irish Times, NUI Galway stated that they were “not party” to the decision to make this payment, and were only informed the payment had occurred after the fact.
The college is expected to “review its relationship” with the third party company over the incident.
Over a hundred organisations have been compromised from the attack across the world, including universities in Scotland, Wales, England and the United States. Reportedly, several Oxbridge colleges were compromised, as well as the Texas Tech Foundation in the US.
Blackbaud also stores data for several non-profit organizations, many of which were impacted by the attack, including Action on Addiction and Breast Cancer Now.