Blackbaud Data Security Incident
The information below relates to a data security incident involving Blackbaud, Inc., a third party vendor for the University. Blackbaud, one of the world’s largest providers of education administration, fundraising and financial management software for universities and non-profits was a victim of a data security breach that has affected more than 200 organizations internationally. Blackbaud notified the University of this data breach on July 16, 2020.

The Incident
On July 16, 2020, the University was notified by Blackbaud that they had been the victim of a ransomware attack that occurred in May 2020. The cybercriminal was unsuccessful in blocking access to the databases involved in the attack. However, the cybercriminal was able to remove a copy of a subset of several client’s data. Blackbaud agreed to pay the cybercriminals to delete the information and reports they have assurances the data was deleted. Based on their research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal. Nonetheless, Blackbaud has hired a third-party team of experts to monitor web activity as an extra precautionary measure.

What information was involved?
In the University’s case, the compromised data set, which was five years old, did not contain any bank account information, credit card information or social security numbers. The data potentially accessed may have included personal contact information like names, titles, dates of birth, phone numbers, email addresses, and affiliation and donor profile information with the University.

Steps UA has taken in response
We immediately launched our own investigation and have taken the following steps:

  • We are notifying affected constituents to make them aware of this breach of Blackbaud’s systems so they can remain vigilant;
  • We are working with Blackbaud to understand why there was a delay between it finding the breach and notifying us, as well as what actions Blackbaud is taking to increase its security;
  • We are continuing to monitor the situation with Blackbaud to investigate this incident.

 Steps you can take in response
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us, and to the proper law enforcement authorities including your state’s Attorney General’s office.  We also suggest you monitor national credit reporting agencies and report to them if you have concerns about suspicious activities. At the time, we are not aware of any instances of fraudulent activity connected to the University’s data. But, out of an abundance of caution, we encourage you to monitor your online and financial activity and report anything suspicious. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. For your convenience, the contact information for these credit agencies is below:

For more information
Blackbaud has issued a statement on their website regarding this incident. You can visit their site for more information. https://www.blackbaud.com/securityincident. Please feel free to email adv_info@ua.edu or call our Office of Advancement Services at (205) 348-5370 if you would like a UA representative to contact you.