Information on a number of University of Auckland alumni and donors has been stolen in a targeted cyberattack. The information, stored on an private encrypted database, became compromised in May when an attack successfully retrieved the information.
In an email to alumni and donors on 30th July, Deputy Vice-Chancellor Jenny Dixon made the wider university community aware of the data security breach. Data taken includes contact details, dates of birth and information on donations and engagement with the University. The email emphasised that no passwords or credit card information was threatened by this attack.
The data is held by Blackbaud, a worldwide provider of not-for-profit database management software. In response to the attack, Blackbaud negotiated and paid a ransom to the cybercriminals in order to assure the safe destruction of the data. A university spokesperson is assured that this destruction has occurred – noting that it was in the interest of the cybercriminals to destroy the data in order to gain leverage in further data breach attacks.
The University of Auckland is one of two New Zealand universities identified in the data breach. The University of Otago sent an email to alumni in July outlining that a small file on some donors based in the United States was potentially compromised, however the extent of this compromise was still being identified.
The University of Auckland believes this breach has now been successfully resolved. The Office of the Privacy Commissioner has been informed of the breach along with those possibly affected.
Worldwide, British universities in Birmingham, Leeds, London, York, and University College, Oxford have all been identified as victims of the cyberattack.