Cyber Incident Victim: Sheffield Hallam University

In May 2020, Blackbaud, a major provider of education administration and fundraising software, experienced a ransomware attack on its self-hosted systems. The attacker successfully exfiltrated a subset of data before Blackbaud detected and halted the intrusion. Sheffield Hallam University was among multiple institutions notified by Blackbaud in July 2020 that their data had been compromised in this breach. The university confirmed on July 16, 2020, through an email from Secretary Michaela Boryslawskyj to its community, that personal information relating to alumni, donors, and other stakeholders had been stolen. The compromised data included names and contact details but excluded bank account information, financial data, or sensitive personal records. Blackbaud delayed public disclosure of the incident until affected organizations began their own investigations weeks later.

Sheffield Hallam University activated its data security protocols upon notification, establishing a dedicated incident response group to assess and manage the breach. The university assured affected individuals that no immediate action was required but acknowledged potential distress caused by the incident. Official communications emphasized the institution’s commitment to data protection and regret over the inconvenience. The breach highlighted systemic risks associated with third-party software dependencies, as Blackbaud’s security failure directly impacted its client institutions. Universities were noted as high-value targets due to their repositories of personal and financial data, with remote learning expansions and cloud migrations cited as factors requiring heightened security vigilance. Sheffield Hallam maintained transparency through direct stakeholder communications while adhering to established breach management procedures.