At least seven UK universities were hit by ransomware attacks in May as part of a sustained global attack against their US based cloud provider Blackbaud.

In a report released by the BBC, some of the higher education institutions named as victims of the attack include:

University of York
University of London
University of Leeds
University of Reading
Oxford Brookes University
University College, Oxford
Loughborough University
Ambrose University in Alberta, Canada
Young Minds
Human Rights Watch
Rhode Island School of Design in the US

Blackbaud released a statement on it’s website revealing more details of the attack and why they’d paid an undisclosed ransom to the hackers, who promised in return to delete all the data that was stolen from their systems.

Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed.

Based on the nature of the incident, our research and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly.

Blackbaud statement

They followed up their statement by conforming no bank details, credit card information or social security data was accessed in the attack.

The information that was taken included names, gender, contact details and, in some cases, charitable donation history.

Most of the universities have now contacted affected students and donors and the University of York has confirmed that they’d contacted the Information Commissioner’s Office (ICO) about the breach and were ‘awaiting further guidance’.

People have the right to expect that organisations will handle their personal information securely and responsibly. The University of York has reported an incident to us, and we will be making inquiries