Quick links
Quick links

Blackbaud data security incident, July 2020

On Thursday, 16 July, we were made aware of a security incident involving one of our third-party service providers, Blackbaud.

Blackbaud is one of the world’s largest providers of customer relationship management systems for the higher education and not-for-profit sectors.

It informed us that in May it had discovered and stopped a ransomware attack on its systems, although some data was compromised. A number of  universities using its services have been affected, including the University of Leeds.

The company assures us that data compromised in the incident was comparatively low risk and did not contain any password, bank account or credit card information.

We are continuing to work closely with Blackbaud to determine exactly what personal data was compromised. We understand that other clients of Blackbaud have been affected in different ways, with varying types of data involved. In our case, it appears that names and email addresses for some members of our alumni and supporter community were affected.

Information on the sums given as gifts or event payments through the alumni web portal may also have been affected, although not any bank account or credit card details.

Blackbaud paid a ransom to the cybercriminal and received assurances that the stolen data was destroyed and not used or sold on to third parties. Blackbaud says that – based on the nature of the incident, its research, and investigation by third parties (including law enforcement) – it has no reason to believe any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

We understand that this news will cause concern among our alumni and supporters and we are sorry for any distress or inconvenience caused by what is criminal activity against one of our service providers.

To stress again though, no bank account, credit card or password information was affected by the cyberattack.

No action is required by our alumni community at this time, although in line with best practice, we recommend that everyone remains vigilant. Any suspicious activity or suspected identity theft should be reported promptly to the appropriate law enforcement authorities. We are also on hand should you need any technical support or reassurance.

We are continuing to work closely with the company to verify that all our data remains secure and are writing to those affected in our alumni and supporter community to explain what has happened.

We are also seeking an explanation for the delay in Blackbaud informing its clients of this issue.

As a precautionary measure, the Information Commissioner’s Office was sent a preliminary notification about this issue over the weekend.

Blackbaud has set out further details about the incident here.

Anyone with questions or concerns about this matter should contact us at

We take data security seriously. Our privacy notice details how we use your data, how we keep it safe and how to opt out of data processing activities. It can be viewed at

You can change your communication preferences at any time.

Check your Scrapbook

Photo link to scrapbook
Facebook Twitter Linkedin

© 2018 University of Leeds, Leeds, LS2 9JT | The University of Leeds is an exempt charity under Schedule 3 of the Charities Act 2011, ref. X6861