Statement about Blackbaud data security issue affecting University of South Wales

The information below relates to a data security breach involving a company called Blackbaud, which supplies engagement and relationship management software services to a number of educational institutions and charities in the UK, as well as across the world.  The University of South Wales is one of those institutions that works with Blackbaud in the management of its graduate and supporter records, and, unfortunately, is one of those affected by the breach.

Please note that the company Blackbaud is not associated the University's online teaching platform, which is called Blackboard.

The University of South Wales takes data security very seriously. As soon as we were notified we launched our own investigation and further details are below, including steps we have taken in response.

What happened?

Blackbaud advised us on 16 July 2020 that it had discovered a ransomware attack in May 2020.  The cybercriminal removed a copy of a subset of a data backup from Blackbaud’s NetCommunity hosted environment at some point between 7 February and 20 May 2020.

Blackbaud has advised that it has worked with third parties, including law enforcement and independent forensics experts, and that they paid the cybercriminal’s demand to ensure the data was not shared further and was destroyed, although we cannot verify this definitely. 

How was the University of South Wales affected?

The University of South Wales used NetCommunity for the purposes of sending community emails only, and ceased to use this self-hosted environment in December 2018.

Data accessed by the cybercriminal was a backup of data associated with sending emails through NetCommunity.

As a historic backup, data that was affected was not aligned to any current communication preferences. Given the dataset that was breached was historic in nature, nevertheless we felt it was appropriate to notify all who may have been affected, regardless of long-held and adhered to communication preferences.

Our understanding was that any data - including any backups – that would have been used to send emails were destroyed when the University ceased to use the NetCommunity product.  Regrettably, it appears that Blackbaud did not do this.

Blackbaud confirms that this incident did not reach solutions held in the public cloud environment and they confirm that the main alumni database was not breached in any way.  

What information was involved?

From the information provided by Blackbaud,  data that was accessed by the cybercriminal was ‘send to’ name and email addresses only. No other data was compromised, as no other data was held in the particular platform that Blackbaud has informed us was breached. As the information was held for backup purposes and not updated, it is likely that a number of the ‘send to’ addresses are not up to date.

NetCommunity is used in different ways by different Universities and organisations, therefore each institution has been affected differently.  

Why did Blackbaud not notify USW of the breach earlier and why am I only just finding out?

Blackbaud prioritised fending off the cyberattack in the first instance and expelling the cyber criminals from their system. They then started an investigation to understand what had been affected before being in a position to advise who had been affected and in what way.

We have contacted alumni and supporters at the earliest opportunity once we were notified of the breach and we have subsequently provided further specific details after they were supplied to us.

What have we done about the situation?

Upon learning of this breach we launched our own investigation and have taken the following steps:

  • We have informed the Information Commissioner’s Office (ICO)
  • We have notified those we believe to have been affected, to inform them of the incident and to advise them to be vigilant and aware of threats when using their email
  • We have been in regular contact with Blackbaud in an effort to discover what data was involved, how the hackers managed to get access to the data and why there was a delay in informing us
  • We have instructed Blackbaud to destroy all data associated with any backup of the NetCommunity hosted environment and are working with the company to gain assurances that this has been done
  • Our IT Security Team are working with others in the sector to understand what actions Blackbaud have taken to increase their security

Steps we will take in future

We will continue to work with Blackbaud to investigate the matter and are reviewing the contractual arrangements with them, focusing on their current and proposed security measures for our data.  Moving forward, we are also reviewing our ongoing relationship with them as a data processor.  

What can those affected do?

You do not need to take action in regard to this incident.

We do recommend that you remain vigilant and lookout for any unusual emails and do not, if prompted by email, share and disclose password or personal details.

The National Cyber Security Centre’s have helpful advice on online safety that may be useful.

We understand that our alumni may be distressed by these events. However, we hope that the information we have provided assures you that the University has,and will continue to do everything to keep your information secure. 

If you have any further concerns, please email