Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Newcastle University may face legal action in the wake of a cyberattack that was discovered on 30 Aug.
The Newcastle University data breach allegedly resulted in the personal information of students, staff and partners being posted online. The leaked information reportedly included names, birthdates, addresses, phone numbers and email addresses.
This information may have been accessed by hackers in a ransomware attack on Blackbaud, which provides cloud computing services to non-profit organisations, foundations, education institutions, corporations and healthcare organisations.
Hackers Threatened to Leak Data if Ransom Demands Not Met
International Business Times reported on 8 Sept. that cybercriminals threatened to leak students’ personal information if Newcastle University failed to pay a ransom.
DoppelPaymer, which Sky News reported as the hacker behind the data breach, began releasing some of the ill-gotten data online.
Newcastle University reported the cyberattack to the police and the Information Commissioner’s Office, but said it would “take several weeks” to address issues related to the data breach.
The cybercriminals allegedly used malware to access personal data.
“The threat of releasing the stolen data is used as additional leverage to pressure the target into meeting the criminals’ demands,” Brett Callow, a senior researcher at Emsisoft, said. “It’s impossible for us to say what data may have been extracted during the attack. The small number of documents that have been posted are simply a warning shot: the digital equivalent of a kidnapper sending a pinky finger.”
It is unclear if Newcastle University opted to pay the ransom to protect stolen data from being posted online. A spokesperson for the university said that they would not be able to provide further information about the data breach until the initial investigation is complete.
Lawyers Investigating Blackbaud Data Breach
Simpson Millar solicitors are reportedly investigating the Newcastle University data breach on behalf of more than two dozen clients who were affected by the leak. They allege the university failed to properly safeguard their data and may pursue legal action over the breach.
Robert Godfrey, the Head of Professional Negligence at Simpson Millar, called the data breach “deeply concerning” and said that those affected could have a claim for damages.
“We have had members of the universities contact us who are quite rightly very concerned,” Godfrey said. “We are actively investigating potential claims on behalf of people directly affected by this serious breach. This is a clear violation of General Data Protection Regulation (GDPR) and data protection rules.”
Godfrey says that the people affected by the data breach have a “clear entitlement to compensation for any upset, injury and cost of support and disruption to their lives.”
Other universities were also allegedly affected by the Blackbaud ransomware attack, including York University, South Wales University, Cumbria University, Leeds University, Birmingham University, Reading University, Surrey University and Kings College London.
Newcastle University Says it Takes Security Seriously
In November, Newcastle University’s IT Services issued an update intended to reassure those affected by the data breach. Email updates were also sent to students and staff.
“Please be assured that the University uses industry-standard tools and processes to record and protect account information, including passwords,” according to the latest updates on the IT Services website. “Newcastle University takes the security of our systems extremely seriously and this remains the subject of a Law Enforcement investigation. Our team in NUIT is working with these agencies to address the issue.”
Although the university experienced disruption to its networks and IT systems due to the cyberattack, it noted that many systems continued to be operational and that the university planned to commence its semester as planned on 28 Sept.
According to the IT Services Frequently Asked Questions page, there is no evidence to suggest that payroll data was compromised and staff would continue to be paid on time.
Newcastle University says that it is not currently possible to provide a timeline about when the situation will be resolved, but it will continue providing updates as soon as there is new information to share.
In September, a cyberattack also targeted Northumbria University and caused the campus to close for a period of time. Lawyers are currently seeking people who were affected by the Northumbria data breach in order to pursue potential legal action against the university for failing to protect their data.
Was your information compromised in the Newcastle University data breach or any of the other university data breaches? How have you been affected by the data breach? Tell us your story in the comments section below.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2024 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.