[BreachExchange] Legal action under way over University of Cumbria data breach

Destry Winant destry at riskbasedsecurity.com
Wed Sep 23 10:34:11 EDT 2020 

https://www.newsandstar.co.uk/news/18740021.legal-action-way-university-cumbria-data-breach/

Students, staff and partners of universities across the UK who may
have had their personal details leaked online are preparing to take
legal action against the organisations amidst concerns that more
should have been done to protect their data.

Confidential information including names, dates of birth, addresses,
phone numbers and email addresses are thought to have been stolen by
hackers in the ransomware attack which took place this year on
Blackbaud - a cloud computing provider that serves non-profits,
foundations, corporations, education institutions and healthcare
organisations.

An investigation is currently underway to determine the full extent of
the breach, with institutions including the University of Cumbria
affected.

Hundreds of site users have since expressed their concern over the
breach, and dozens of individuals have now instructed law firm Simpson
Millar to begin investigations and to start legal proceedings.

Robert Godfrey, Head of Professional Negligence at Simpson Millar
solicitors said the data breach was ‘deeply concerning’.

He says anyone affected by the breach could have a valid claim for
damages against the University of Cumbria for the distress caused by
the ordeal.

He said: “I am confident any person whose details have been accessed
could have a valid claim.

"It is clear there has been of breach of individuals’ right to privacy
and the universities are ultimately responsible.

"There is a clear entitlement to compensation for any upset, injury
and cost of support and disruption to their lives.

“Many will be anxious and fear they will be targeted at home or work
in the future."

A spokesman for the university said earlier this month: “We take data
protection very seriously and deeply regret that this data breach has
occurred. Blackbaud assures us that the data compromised in this
breach did not contain any usernames or passwords, bank account or
credit card information."

More information about the BreachExchange mailing list