Six universities among those hit by Blackbaud ransomware attack
A growing list of those affected also includes at least two charities


At least seven education institutions in the UK, US and Canada, as well as two charities, have been caught up in the major Blackbaud ransomware hack.
Alongside the York, Leeds and Reading universities, which were previously confirmed as being among the hack victims, several other institutions and charities have been confirmed as having been hit, according to the BBC.
Oxford Brookes and the University of London in the UK, as well as the Ambrose Univesrity in Alberta, Canada, and the Rhode Island School of Design in the US have written to alumni to warn their data may have been compromised. Human Rights Watch has also confimed its data may been affected, alongside the charity Young Minds.
The systems belonging to the databsase services company were targeted in a major hack in May this year, with the victims only informed on 16 July. The data, in many cases, include contact information and donation history, as well as events attended.
This story was updated to reflect new information. The original story is published below.
The University of Reading and Henley Business School has warned former students that their personal information may have been compromised as part of the major ransomware attack against service provider Blackbaud in May.
This is in addition to reports that data held by the University of Leeds, and at least one charity, was accessed in the same hack, days after the University of York confirmed their data was compromised. Like York, the University of Reading was only informed on 16 July, two full months after the initial incident.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“I am sorry to inform you that our online database, containing details of alumni and supporters of the University of Reading and Henley Business School, which is operated by a third party contractor, was criminally hacked in May,” the letter read.
“On Thursday 16 July, we were informed by Blackbaud, the company that hosts our database of information for the University of Reading and Henley Business School alumni, that it was subject to a ransomware cyber security incident in May 2020.”
Blackbaud is a major supplier of database services to UK and US universities as well as charities. With the University of Leeds also suggesting it was a victim of the incident, according to the Times journalist Tom Knowles, and Young Minds confirming in a statement its data too may have been compromised, its likely further victims will emerge in the coming days.
The database accessed by cyber criminals contained details of alumni and supporters of Reading university held dates of birth, contact information, demographic information and a history of individuals’ relationship with the university. No sensitive financial information was accessed, such as credit card details, as this is held in a secure encoded form separately.
According to a message addressed to University of Leeds alumni posted on social media, not all Blackbaud clients have been affected in the same way, with varying types of data involved.
The database supplier confirmed in a statement that it discovered and stopped the ransomware attack in May 2020, with its cyber security team successful in preventing the hackers from fully blocking systems and encrypting its files.
The hackers did, however, remove a subset of data from its self-hosted environment, affecting a number of clients including those mentioned above. Blackbaud claims it ensured the safe return of this data after it paid the ransom demands “with confirmation that the copy they removed had been destroyed”.
Paying ransomware demands is generally ill advised among cyber security professionals, with 40% believing paying these demands should be made illegal, according to research.
As far as the confirmed victims are concerned, they were not consulted on the Blackbaud decision to pay the ransomware.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
By Nicole Kobie
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
By Ross Kelly
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
By Emma Woollacott
-
Healthcare systems are rife with exploits — and ransomware gangs have noticed
News Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
By Nicole Kobie
-
Alleged LockBit developer extradited to the US
News A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
By Emma Woollacott
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
By Emma Woollacott
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
News The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
By Solomon Klappholz
-
Warning issued over prolific 'Ghost' ransomware group
News The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
By Solomon Klappholz