BLACKBAUD DATA SECURITY INCIDENT
FREQUENTLY ASKED QUESTIONS (FAQ)
- WHAT HAPPENED?
A third-party vendor named Blackbaud, which helps Western Connecticut State University manage its database of donors and alumni, informed us of a criminal cyberattack that resulted in unauthorized access to certain information. Upon learning of this incident, we worked with WCSU’s information technology team and the Connecticut State Colleges & Universities (CSCU)/Board of Regents to review Blackbaud’s notification to determine what, if any, data may have been affected. Please know that we take this incident and the safeguarding of the security of our donors’ information very seriously.
- WHO IS BLACKBAUD?
Blackbaud is a software and service provider for more than 25,000 nonprofit organizations, foundations, and institutes of higher education worldwide, including the other three universities, and one college in the CSCU system. Current reports suggest numerous Blackbaud customers in multiple countries were affected.
- WHAT DOES WCSU USE BLACKBAUD SYSTEMS FOR?
The WCSU Office of Institutional Advancement and the WCSU Foundation use Blackbaud systems to manage and track alumni relations, donor relations, community relations, communications, events, and the finances of the WCSU Foundation.
- WHAT INFORMATION OF MINE WAS POTENTIALLY ACCESSED?
Blackbaud advised all of its customers that NO credit card information was included in the impacted files, and that NO bank account information, and NO Social Security numbers were accessible to the cybercriminal.
According to Blackbaud, the cybercriminal did access some Blackbaud customer data, including from WCSU. This data may have contained information related to donor relationships including contact information, demographic/donor profile information, and information regarding donor support of WCSU.
Blackbaud has told us that based on the company’s own research, as well as investigation by law enforcement and other parties, the company has no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly. The Board of Regents of the CSCU system has contacted the Connecticut Attorney General’s office to assist us in confirming that assessment.
- I AM NOT A DONOR OR AN ALUM. WHY AM I IN YOUR SYSTEM?
WCSU uses Blackbaud products to manage communications, events, some email updates, and other activities that involve non-donors and non-alums.
- WHAT IS BLACKBAUD DOING TO ADDRESS THE SITUATION?
As part of ongoing efforts, Blackbaud has already implemented several changes to protect your data from any subsequent incidents. Its teams identified the vulnerability associated with this incident and took action to fix it. Blackbaud has tested its fix with multiple third parties, including the appropriate platform vendors, and assured Western Connecticut State University that the fix withstands all known attack tactics.
- WHAT SHOULD I DO?
There is no need to take any specific action at this time. However, as a best practice, we recommend that you remain vigilant and promptly report any suspicious activity to the proper law enforcement authorities.
OUR COMMITMENT TO YOU:
While data breaches and ransomware attacks are becoming more common, this is not something Western Connecticut State University ever wants to happen to our valued supporters. WCSU takes your privacy very seriously. We will continue to work with Blackbaud, the Board of Regents and other authorities to look further into and monitor this incident. We sincerely apologize that this occurred through one of our third-party vendors and regret any inconvenience it may cause you. If you have any questions or concerns regarding this matter, please email firstname.lastname@example.org.