31 Jul

Blackbaud data security incident

On 16 July 2020, King Edward VI Foundation was notified by Blackbaud, a third-party software provider used by the Development Office, of a data breach owing to a ransomware attack on their system. The School takes its approach to data security very seriously and we are taking all necessary steps to review and respond to this incident.

Blackbaud is one of the world’s largest providers of customer relationship management systems for not-for-profit organisations and educational institutions, and we understand a significant number of organisations in the UK and across the world have been affected by this attack. Blackbaud assures us that the issue has been resolved and that the data is secure.

Since the notification on 16 July, we have been working with the Foundation’s Data Protection Officer; we have been in touch with the ICO about the breach and await their further guidance. We are also speaking to other schools and universities to understand how they too have been affected, and to share best practice in dealing with this incident. We are notifying all those affected.

We are also clarifying with Blackbaud the actions they have taken, why there was a delay in notifying the School and what additional steps they are taking to increase their security.