Blackbaud Raiser's Edge Response
Posted on July 23, 2020
The message below relates to a data security incident involving one of our third-party service providers. We believe this event includes a number of educational, healthcare and other not-for-profit organizations in the US and abroad. Immediate action has been taken and an internal investigation is underway. Full details, including our steps taken in response, are included below.
On July 16, we were contacted by Blackbaud, one of the world's largest software companies and a third-party data management provider for the University of North Florida Foundation (UNFF). Blackbaud informed us that in May 2020 they discovered they were a victim of a ransomware attack. The cybercriminals were able to copy a subset of data from a number of their clients, including UNFF.
At UNFF, we use the Blackbaud product called Raiser's Edge NXT system internally to manage records and track engagement with members of our Osprey family, including community partners, donors, alumni and staff. After reviewing the information shared by Blackbaud and starting our internal investigation, we are publicly sharing details of this breach.
What information was involved?
A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts. Blackbaud has confirmed that the investigation found that no encrypted information, such as bank accounts, credit card or passwords, was compromised during the attack.
For your protection, the UNFF Raiser's Edge database does not collect or store sensitive information including credit cards, social security numbers or banking information.
The data accessed may have contained some of the following information:
- Contact information including name, addresses, phone numbers and email
- Gender, date of birth and student number (if applicable)
- Record of University event and fundraising activities including donations, event participation, volunteer activity, etc. (if applicable)
- Employer information (if applicable)
What are we doing about the situation?
We have been informed that in order to protect customers' data and mitigate potential identity theft, Blackbaud met the cybercriminal's ransomware demand.
Additional Steps by UNFF:
- Notifying the Osprey community of the Blackbaud breach so that all can remain vigilant
- Working with Blackbaud to understand why there was a delay between finding the breach and notifying all those affected
- Requesting full details from Blackbaud on the additional security measures they plan to put in place
- Working with other higher-education institutions to understand the full depth of the breach
We do not feel there is a need for any member of our community to take action at this time, yet we recommend that all remain observant and report any suspicious activity or suspected identity theft to the proper authorities.
We regret this has taken place and apologize for any concern this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.
The UNFF values transparency, accountability and open communication. We promise that this will drive our response to the Blackbaud data breach, and we will keep the Osprey community informed. If you would like to contact a member of the UNFF team, please call 904-620-2100 between 8:30 a.m. and 5:00 p.m.