Site navigation

National Trust and Edinburgh Zoo Latest Victims of Blackbaud Hack

David Paul



It has now been reported that more than 120 organisations have been affected by the attack, including several Scottish universities.

The Royal Zoological Society of Scotland (RZSS) and the National Trust are the latest victims of the Blackbaud ransomware attack that has so far affected companies worldwide.

The cloud computing provider announced that in May they discovered and subsequently stopped a ransomware attack on their systems. However, the attack appears to have already affected more than a hundred organisations around the world.

The RZSS sent out a message to its members warning them that their data may have been accessed, including names, dates of birth, postal addresses, postcodes, telephone numbers and email addresses.

The organisation said it had “worked closely with law enforcement” to look into the issue, and stated that to the best of their knowledge, any stolen information had been destroyed.

“We understand there is no evidence of the data being used and no reason to believe it will be,” RZSS said.

The National Trust said that volunteering and fundraising communities were involved in the attack and said that they were carrying out an internal investigation into the issues.

The organisation’s chief information officer, Jon Townsend, commented: “We are currently in the process of identifying and informing those affected.”

“We have reported the incident to the UK’s regulator for data protection, the Information Commissioner’s Office and the Charity Commission.”


The initial attack took place in May but was only announced in mid-July. It was reported last week that several Universities in the UK, Canada, and the US were also affected by the attacks, with the University of Leeds and Ambrose University in Alberta among those claiming data had been stolen.

In Scotland, St Aloysuis’ College and the University of Strathclyde have now announced data breaches on their systems as hackers stole the private information of university alumni and donors.

Much like the previous hacks, names, addresses, dates of birth and contact details were stolen, but credit card and bank information details were not accessed.

Edinburgh-based Heriot-Watt university also announced last week that it has been informed of a “data security incident involving a system used to store University personal data”.

The university said that Blackbaud had “provided assurances that the incident has been fully contained and that the data is secure”.

In a statement on the initial attack, Blackbaud announced that it had paid hackers a ransom to re-acquire the data and has assured affected organisations that it had now been deleted.

In a statement, the company said: “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” it added.

David Paul

Staff Writer, DIGIT

Latest News

%d bloggers like this: