Human Rights Watch and children’s intellectual aptitude charity Young Minds showed that they were affected.
The hack targeted Blackbaud, one of the world’s largest school administration, fundraising and monetary control programs.
The U.S. company was hacked in May.
He criticized for not disclosing this outdoors before July and for paying the hackers an undisclosed ransom.
In some cases, the data was limited to that of former students, who had been asked to financially support the establishments they had graduated from. But in others it extended to staff, existing students and other supporters.
The institutions the BBC has confirmed have been affected are:
All establishments send letters and emails apologizing to those of the compromised databases.
In some cases, stolen knowledge included phone numbers, donation history, and occasions participants participated. The credit card and other main payment points appear to have been exposed.
Blackbaud, based in South Carolina, refused to provide a complete list of those affected, saying it sought to “respect the privacy of our customers.”
“Most of our consumers were components of this incident,” the company said.
He referred the BBC to a website on its website: “In May 2020, we discovered and stopped a ransomware attack. Before locking up the cybercriminal, the cybercriminal removed a copy of a subset of knowledge from us.”
He goes on to say Blackbaud paid for the ransom demand. Doing so is not illegal, but it goes against the recommendation of many law enforcement agencies, adding the FBI, NCA and Europol.
Blackbaud added that he had won “confirmation that the copy [of the data] from which it had been disposed of had been destroyed.”
Several Blackbaud consumers indexed on it have shown that they are not concerned, including:
“My biggest fear is how reassuring Blackbaud was, in my opinion, to the university about what the hackers got,” said Rhys Morgan, a cybersecurity expert and former Oxford Brookes University student whose knowledge was involved.
“They told my university that ‘there was no explanation as to why the stolen knowledge was or will be misused.’
“I can’t feel at ease with this at all. How can they know what attackers are going to do with this information?
Blackbaud said he was working with police and other investigators to monitor whether knowledge is spreading or selling on the dark web, for example.
Blogger lawyer Matthew Scott won an email about piracy.
“I doubt that my university will have many main points that cannot be easily had, but I am more involved in yielding to blackmail and cheerfully accepting the blackmailer’s word that all knowledge has now been destroyed,” he told the BBC. Training
According to the General Data Protection Regulation (GDPR), corporations will have to report a significant violation to the government of knowledge within 72 hours of having known an incident, or incurring possible fines.
The UK Information Commissioner’s Office [ICO], as well as the Canadian knowledge authorities, were informed of the breach last weekend, weeks after Blackbaud discovered the attack.
An ICO spokeswoman said: “Blackbaud reported an incident affecting several knowledge controllers in the ICO. We will ask you about Blackbaud and the respective controllers, and inspire all affected controllers to evaluate whether they report the incident separately to the ICO. Array”.
Leeds University said in a statement: “We would like to assure our students that, given that Blackbaud informed us about this incident, we are running tirelessly to investigate what happened, particularly to inform those affected. No action is required through our network of alumni at this time, although, as always, we propose that everyone remain vigilant.”