Register / Password Reset
Blackbaud Data Security Notification

We wish to inform you of a data security incident with a third-party service provider of Durham University. Please click here for full details.

What happened?

One of our third-party service providers, Blackbaud, has informed us that they were the victims of a ransomware attack in May 2020.

What information was stolen?

Files from a number of Blackbaud clients.

For Durham University, this was a historic, backup file of a subset of data gathered via our ‘Net Community’ portal which runs behind our alumni website, dunelm.org.uk. Blackbaud have confirmed that no credit card details, bank details or passwords were stolen. Data stolen may have included: basic details e.g. name, title, gender, date of birth; and addresses and contact details e.g. phone, email and LinkedIn profile URL – if provided.

Am I affected and what do I need to do?

For Durham University, a historic, backup file of a subset of data gathered via our ‘Net Community’ which runs behind our alumni website at dunelm.org.uk was stolen. Though we know the file was historic, we do not yet know its date. Therefore, we are unable to identify the individuals whose details were accessed.

However, Blackbaud have confirmed that no credit card details, bank details or passwords were stolen. Data stolen may have included: basic details e.g. name, title, gender, date of birth; and addresses and contact details e.g. phone, email and LinkedIn profile URL.

There is no need for you to take any action at this time. As best practice, we recommend that you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.

If you would like to speak to a member of our team, please contact: daro.privacy@durham.ac.uk. Otherwise, we will update you further in due course.

How is the University responding to the situation?

Durham University takes the protection of data very seriously. Before engaging Blackbaud, a thorough and comprehensive due diligence review was undertaken by members of our CIS technical and data security colleagues.

We have been informed that in order to protect customers’ data and mitigate potential identity theft, Blackbaud met the cybercriminal’s ransomware demand. Blackbaud have advised us that they paid the ransom and received credible assurances that the data has been destroyed.

However, we have immediately launched our own investigation and have taken the following steps:

  • We are informing our alumni, so that they are aware of this breach of Blackbaud’s systems and can remain vigilant;
  • We have informed the Information Commissioner’s Office (ICO) of the breach and are awaiting further guidance;
  • We are taking steps to understand how many other parties in the higher education and the wider not-for-profit sector have been affected;
  • We are working with Blackbaud to understand why there was a delay between them finding the breach and notifying us, as well as what actions they have taken to increase their security.

 

Meet the team
Gift Policy
Donor Recognition Policy
Dunelm Support

TLS Update -
Please ensure that your OS and browser are updated for your security. More info
Development and Alumni Relations Office
The Palatine Centre
Stockton Road
Durham
DH1 3LE

0191 334 6305
alumni.office@durham.ac.uk