Blackbaud Data Security Incident
The University of Alabama System is Alabama’s largest higher education enterprise, comprised of three dynamic institutions — the University of Alabama, University of Alabama at Birmingham and University of Alabama at Huntsville — strive to provide the people of Alabama with regionally and nationally prominent teaching, research, and service programs with a profound impact on our state.
Blackbaud Data Security Incident
The information below relates to a data security incident involving Blackbaud, Inc., a third party vendor for the University. Blackbaud, one of the world’s largest providers of education administration, fundraising and financial management software for universities and non-profits was a victim of a data security breach that has affected more than 200 organizations internationally. Blackbaud notified the University of this data breach on July 16, 2020.
On July 16, 2020, the University was notified by Blackbaud that they had been the victim of a ransomware attack that occurred in May 2020. The cybercriminal was unsuccessful in blocking access to the databases involved in the attack. However, the cybercriminal was able to remove a copy of a subset of several client’s data. Blackbaud agreed to pay the cybercriminals to delete the information and reports they have assurances the data was deleted. Based on their research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal. Nonetheless, Blackbaud has hired a third-party team of experts to monitor web activity as an extra precautionary measure.
What information was involved?
In the University’s case, the compromised data set, which was five years old, did not contain any bank account information, credit card information or social security numbers. The data potentially accessed may have included personal contact information like names, titles, dates of birth, phone numbers, email addresses, and affiliation and donor profile information with the University.
Steps the UA System has taken in response
They immediately launched their own investigation and have taken the following steps:
- We are notifying affected constituents to make them aware of this breach of Blackbaud’s systems so they can remain vigilant;
- UA System is working with Blackbaud to understand why there was a delay between it finding the breach and notifying us, as well as what actions Blackbaud is taking to increase its security;
- We are continuing to monitor the situation with Blackbaud to investigate this incident.
Steps you can take in response
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us, and to the proper law enforcement authorities including your state’s Attorney General’s office. We also suggest you monitor national credit reporting agencies and report to them if you have concerns about suspicious activities. At the time, we are not aware of any instances of fraudulent activity connected to the University’s data. But, out of an abundance of caution, we encourage you to monitor your online and financial activity and report anything suspicious. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. For your convenience, the contact information for these credit agencies is below:
- Equifax: https://www.equifax.com/personal/credit-report-services/ 800-685-1111
- Experian: https://www.experian.com/help/ 888-397-3742
- Transunion: https://www.transunion.com/credit-help 888-909-8872
For more information
Blackbaud has issued a statement on their website regarding this incident. You can visit their site for more information. https://www.blackbaud.com/securityincident.