What Happened

On July 16, 2020, Blackbaud, a large service provider of customer relationship management systems for institutions of higher education and nonprofit organizations, notified the Delta College Foundation of a data security incident from May 2020. Blackbaud shared that they were a victim of a ransomware attack, affecting many users of their platform globally.

After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Prior to locking the cybercriminal out, however, the cybercriminal removed a copy of our backup file containing some of your directory-related information.

Exposed contents of our exposed backup file include directory information, such as names and addresses. Social Security numbers and credit card or bank account information was never exposed, as that information was securely encrypted. Based on the notification we received from the Blackbaud, we believe the information that may have been compromised was largely historical and presents little to no threat to the security of constituents’ protected personal information.

What We Are Doing

After our thorough review and consultation with legal counsel, the Delta College Foundation reached out via postal letter to share the information we received.

We have been assured that Blackbaud has already implemented several changes that will protect constituent data from any subsequent incidents. They have indicated that they have hired a third-party team of experts, including a team of forensic accounts, to continue to monitor for any such activity. And, the company has accelerated its efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms.

What You Can Do

As with all data security incidents, we recommend that you continue to take precautionary measures to protect your personal information. Please monitor your financial accounts and remain vigilant for incidents of fraud and identity theft.

For More Information

The Delta College Foundation was just one of many nonprofits affected by this attack. We have worked with a coalition of foundations in the Great Lakes Bay Region who were also impacted by the ransomware attack on Blackbaud. Our combined due diligence led to further detailed information from Blackbaud about the nature and scope of the incident, visit Blackbaud’s informational website at: www.blackbaud.com/securityincident.