MAYNOOTH UNIVERSITY HAS confirmed it was a victim of a widespread cyber hack in which data pertaining to students and alumni was stolen.
The attack occurred in May and was targeted at Blackbaud, a software company which provides software and cloud management systems to third-level institutions, including Maynooth University.
A number of institutions were affected by the hack, including NUIG which in July moved to reassure students that its data would not be used or disseminated after Blackbaud paid a ransom in exchange for the stolen files being destroyed.
Blackbaud at the time refused to list the institutions affected by the attack but in a letter to students and alumni of Maynooth University and seen by TheJournal.ie the college confirmed it was alerted to a breach on 16 July.
“On the 16th July, we received notification of a security incident from a third-party service provider, Blackbaud,” the letter said.
“They advised us that they were a victim of a ransomware attack in May 2020. After discovering the attack, Blackbaud’s cybersecurity team – together with independent forensic experts and law enforcement – successfully prevented the cybercriminal from blocking their system access and fully encrypting files, and ultimately expelled them.
“However, before being locked out, the cybercriminal removed a copy of a backup file containing personal information including a subset of Maynooth University data.
“Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
The university said it launched its own investigation and, following this, is now able to notify affected parties.
It said data including the names, date-of-birth, addresses, and academic qualifications may have been stolen in the attack but there was no evidence that credit cards, bank details or passwords were accessed.
The university said: “Based on the nature of the incident, their research, and a third party (including law enforcement) investigation, Blackbaud does not believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly and are continuing to monitor this.”
It said the Data Protection Commissioner has been notified of the breach, it said, and the university is “reviewing our relationship with Blackbaud as a service provider”.
A spokesperson for the Data Protection Commissioner confirmed it has been notified of the breach.
Students and alumni of the college will not need to take any action but should “remain vigilant and report any suspicious activity or identify theft to the proper authorities,” the letter states.
“We sincerely apologise to you for this incident,” it added.
Maynooth University did not immediately respond to a request for comment.
To embed this post, copy the code below on your site
have your say