Forever Green
Campaign for Northwest
Directory
A-Z Index
 

Information on Blackbaud Data Security Incident

 Northwest Foundation

Blackbaud Data Security Incident

Thursday, August 6, 2020

The information below relates to a data security incident involving Blackbaud, Inc., a service provider of the Northwest Foundation. As you may be aware, Blackbaud, an engagement and fundraising software service provider, recently experienced a data breach.  Northwest Foundation is one of many schools and non-profits that have been affected. The Foundation takes our relationship with you and our data protection responsibilities very seriously. Please be assured that we do not store social security numbers or bank account numbers so that type of information was not accessed by the cybercriminal.  Blackbaud also assured us that the file accessed by the cybercriminal did not contain any credit card information and that they use encryption to store any financial account information.  Further details are below, including steps we have taken in response.

The Incident

On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations and the higher education sector. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack. However, the cybercriminal was able to remove a copy of a subset of data from several of Blackbaud’s clients including data of Northwest Foundation.

What information was involved?

We would like to reassure our constituents that a detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts.  

As noted above, Blackbaud has confirmed that the investigation found that the cybercriminal did not access your credit or debit card information, bank account information or social security number because that information was stored in an encrypted format.  Also note that Northwest Foundation does not store social security numbers or bank account information.

The Northwest Foundation data accessed by the cybercriminal in the Blackbaud database may have contained some of the following information in some data records:

  • Public information such as name, title, date of birth, spouse
  • Addresses and contact details such as phone numbers and e-mail addresses
  • Philanthropic interests, giving capacity and giving history to the Northwest Foundation
  • Educational attainment

The student records of Northwest Missouri State University were not involved in this incident.

What actions were taken by Blackbaud?

We have been informed by Blackbaud that in order to protect constituent’s data of Blackbaud clients like Northwest Foundation and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that it has received assurances from the cybercriminal and third-party experts that the data was destroyed and thus is no longer usable or accessible by any unauthorized persons or entities. Blackbaud informs us that it continues to monitor the web in an effort to verify the data accessed by the cybercriminal has not been misused. 

Steps we have taken in response

Upon notification of this breach by Blackbaud, we immediately launched our own investigation and have taken the following steps:

  • We are notifying affected alumni and friends to make them aware of this breach of Blackbaud’s systems;
  • We are working with Blackbaud to understand why there was a delay between it finding the breach and notifying us, as well as what actions Blackbaud is taking to increase its security;
  • We are conferring with other Blackbaud clients to share information about this breach, resulting corrective actions and identify any additional recommended best practices.
  • Any additional notifications will be posted to this website.

What You Can Do

We do not believe there is a need for our constituents to take any action at this time. Although there is currently no evidence that your information has been misused, as a best practice, we recommend people remain vigilant and promptly report any suspicious account activity or suspected identity theft to the proper authorities.

For questions related to the security incident, contact Lori Steiner, Northwest Foundation Chief Finance Officer, 660-562-1411, foundation@nwmissouri.edu

We will continue to work with Blackbaud to investigate this incident. We very much regret the inconvenience that this data breach may have caused and share your frustration. Please be assured that we take data protection very seriously and are grateful for the continued support of our alumni and friends.