Blackbaud University Data Breach Claims for Compensation

September 2020

Students, staff and partners of universities across the UK who may have had their personal details leaked online are preparing to take legal action against the organisations amidst concerns that more should have been done to protect their personal data.

Confidential information including names, dates of birth, addresses, phone numbers and email addresses are thought to have been stolen by hackers in the ransomware attack on which took place this year on Blackbaud - a cloud computing provider that serves non-profits, foundations, corporations, education institutions and healthcare organisations.

An investigation is currently underway to determine the full extent of the data breach, with institutions including York University, South Wales University, Cumbria University, Leeds University, Birmingham University, Newcastle University, Reading University, Surrey University and Kings College London affected.

Hundreds of site users have since expressed their concern over the data breach, and dozens of individuals have now instructed law firm Simpson Millar to begin investigations and to start legal proceedings.

Robert Godfrey, Head of Professional Negligence at Simpson Millar Solicitors - who is also handling hundreds of GDPR Data Breach Claims for compensation on behalf of hacked easyJet customers, as well as members of the British Dental Association (BDA) who have also been affected by leaked information - said the GDPR data breach was ‘deeply concerning’.

He says anyone affected by the data breach could have a valid claim for compensation against the universities for the distress caused by the ordeal.

He said, “We have had members of the universities contact us who are quite rightly very concerned. We are actively investigating potential data breach claims on behalf of people directly affected by this serious breach. This is a clear violation of GDPR and data protection rules.

“I am confident any person whose details have been accessed could have a valid claim for GDPR breach compensation. It is clear there has been of breach of individuals’ right to privacy and the universities are ultimately responsible. There is a clear entitlement to compensation for any upset, injury and cost of support and disruption to their lives.

“Many will be anxious and fear they will be targeted at home or work in the future.

“There is no doubt that the affected people are going to need support in this difficult time both from their family and friends. We’ve had individuals from nine UK universities approach us, so this data breach can be expected to have had a significant impact on a large number of people.

“The universities have a very clear duty of care to ensure that the members of their sites, who hand over their confidential information to them have their data secure and protected, are not exposed such as has happened in this breach.”

Solicitor Robert Godfrey added, “We would strongly suggest that those who are contacted by the universities involved should get legal advice about their options as soon as possible.” 

Contact our Data Breach Solicitors For a Free Case Assessment

We're happy to help

Monday to Friday 8:30am-7:00pm

08002 605 010

08002 605 010

We're happy to call you

Simply click below to arrange the assessment

Request a Free Case Assessment

Contact us for a Free Data Breach Case Assessment



Enter the organisation who has exposed your data

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar Solicitors are a national law firm with over 500 staff and offices in Bristol, Cardiff, Lancaster, Leeds, Liverpool, London and Manchester.