Blackbaud Security Incident

The week of July 20, 2020 we were notified of a data security incident in which our third-party vendor, Blackbaud, suffered a ransomware attack in May 2020. This incident may have resulted in unauthorized access to certain information maintained by Blackbaud. Blackbaud is a cloud-computing company that provides donor record-keeping services to the University of North Alabama Foundation, as well as other foundations, health care organizations, and educational institutions within the non-profit sector.

In its notification, Blackbaud indicated that certain financial-giving records were included among the data potentially impacted by the recent incident. Such records could include donors’ names, physical addresses, phone numbers, birthdates, and donor profile information, such as donors’ real estate asset holdings, or giving history.

According to Blackbaud, sensitive personal information, such as Social Security numbers and credit card data, was not impacted as a result of the Blackbaud incident.

Feel free to read the FAQs below or contact Amy Bishop at abishop3@una.edu or call (256) 765-4757 with any questions or concerns about this incident.

Blackbaud data security incident FAQs

1. What happened?

The week of July 20, we were notified by one of our third-party service providers, Blackbaud, of a security incident. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, the service provider’s Cyber Security team – together with independent forensics experts and law enforcement – successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Before locking the criminal out, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point beginning on February 7, 2020, and could have been in there intermittently until May 20, 2020.

2. Who is Blackbaud?

Blackbaud is a cloud-computing provider that offers customer relationship management and financial services tools, focusing on the non-profit sector. The University of North Alabama Foundation uses Blackbaud primarily for these services, including front-end fundraiser analytics, benchmarking, and prospect screening analytics.

3. What information was involved?

It’s important to note that the cybercriminal did not access your credit card information, bank account information, or Social Security number. However, we have determined that the file removed may have included donors’ names, physical addresses, phone numbers, birthdates, and donor profile information, such as donors’ real estate asset holdings, or giving history. Because protecting customers’ data is their top priority, our third-party service provider paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

4. What we are doing.

We are notifying you so that you can take immediate action to protect yourself. Ensuring the safety of our constituents’ data is of the utmost importance to us. As part of their ongoing efforts to help prevent something like this from happening in the future, our third-party service provider has already implemented several changes that will protect your data from any subsequent incidents. First, the provider’s teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. We have confirmed through testing by multiple third parties, including the appropriate platform vendors, that our fix withstands all known attack tactics. Additionally, they are accelerating our efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint, and network-based platforms.

5. Why did it take so long to notify me?

Blackbaud was advised by law enforcement not to begin notifying customers of the incident until the investigation of the extent of the breach was complete. However, upon receiving initial notification from Blackbaud, the University of North Alabama Foundation immediately responded and launched an investigation to determine the extent to which your data may be impacted. Our initial investigation and response efforts were required to ensure the accuracy of the information provided to you. The University of North Alabama Foundation then moved to notify those whose information may be impacted.

6. What you can do.

While there is no evidence of misuse of the information involved in this event, as a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities. We recommend the three credit reporting agencies: Equifax, Experian, and TransUnion as well as the Federal Trade Commission and the Alabama Attorney General.

For more information

We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact Amy Bishop, Development Services Manager, at 256-765-4757 or abishop3@una.edu.