Exeter University hit by data breach

Personal data of former students stolen

Exeter University's been in contact with former students on its 'alumni' databse to tell them they may have had a considerable amount of personal data accessed by hackers. 

The university uses a company called Blackbaud for some of its IT services - and they've been subject to a 'ransomware' attack. This is usually where hackers access information and then demand payment from the victim. Blackbaud was able to stop the cybercriminals taking full control of their systems, but personal information of former students was taken. The company works for a number of universities, and Exeter thinks the crooks only have "a small proportion of Exeter-related data" as part of the overall breach.

Blackbaud have told Exeter University that encrypted data such as bank and credit card details are not involved. Nevertheless, the criminals may have significant information such as:

• Personal details such as name, gender, date of birth
• Contact details such as postal and email addresses and telephone numbers
• Details of educational records such as the qualification(s) student received from Exeter, year of graduation and any interests they had as a student such as membership of sports clubs and other student societies
• Details of how former students engagemed with the university since graduation, such as records of events attended, donations made or volunteering activity undertaken
• Details of their subsequent career such as employment history, employer name and job title
• Any other information former students may have shared with the university, such as current interests.

The university says it doesn't think the risk is significant, but people should contact police if they think they've been a victim of identity theft as a result. They're working with the Information Commissioner's Office on the issue.