A cyber attack has caused a data security incident at both Aberdeen University and Robert Gordon University, it has emerged.
The two institutions have confirmed they are among the many to be affected by the recent hacking of software supplier Blackbaud.
The University of the Highlands and Islands (UHI), St Andrews University, Dundee University and Abertay University said they had not been impacted.
Blackbaud is a third-party database provider that discovered it had been the victim of a ransomware attack in May, in which cyber-criminals removed data from its back-up server.
A ransom was paid to ensure the data were not shared further and were destroyed, but Aberdeen University said it could not verify whether it happened.
The US-based cloud service company firm is a major provider of software used for education administration, fundraising, and financial management.
Scores of universities and charities in the UK are thought to have been affected.
A spokeswoman for Robert Gordon University (RGU) said the type of information involved “does not pose a data protection risk to those involved”.
Aberdeen University, meanwhile, has posted a message on its website saying that the data accessed may have included basic details such as names, dates of birth, addresses, phone numbers, as well as education and employment details.
It added that, for a small number of donors, “some financial-related data may have been involved”.
An Aberdeen University spokesman said: “We can confirm that data belonging to the University of Aberdeen and its fundraising arm the University of Aberdeen Development Trust, and held by our third-party provider Blackbaud, has been affected by a recent data breach.
“A significant number of other organisations have been affected by this breach.
“We have reported this incident to the Information Commissioner’s Office, in keeping with our open and transparent approach to these matters.
“While at this stage there is no indication that anyone has been adversely affected, we are contacting all those whose details were held by Blackbaud in order to provide advice on protective steps they may wish to take.
“As soon as we were alerted to the situation, we launched our own investigation, and we will also shortly begin a thorough review of our arrangement with Blackbaud in light of this breach.”
An RGU spokeswoman said: “Robert Gordon University can confirm that we, like many other organisations, have been affected by the data security incident experienced by Blackbaud.
“As soon as we were notified by Blackbaud we carried out an extensive investigation and determined that the type of data affected from the university does not pose a data protection risk to those involved.
“However, RGU takes its information governance responsibilities seriously and we will review our ongoing association with Blackbaud in light of this incident.”
A Dundee University spokesman said it also used Blackbaud, but had “not been affected in this incident”.
