
Blackbaud Data Security Incident FAQs
What happened?
We were recently notified by one of our third-party service providers, Blackbaud, of a security incident. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, the service provider’s cybersecurity team, together with independent forensics experts and law enforcement, successfully prevented the cybercriminal from blocking their system access and fully encrypting files, and ultimately expelled the cybercriminal from their system. Before being locked out, however, the cybercriminal removed a copy of our backup file containing your personal information.
(Read Blackbaud’s statement about the incident.)
Who is Blackbaud?
Blackbaud, headquartered in Charleston, SC, is one of the world's largest providers of fundraising and constituent relationship management software services for many higher education and not-for-profit organizations, including PLNU; this incident affected hundreds of organizations across the United States and internationally.
When did the incident occur?
Blackbaud reports that it discovered and stopped the ransomware attack in May 2020. PLNU was notified in mid-July.
What does PLNU use Blackbaud systems for?
PLNU’s Office of University Advancement uses Blackbaud systems to manage and track alumni relations, donor relations, community relations, communications, and events.
I am not a donor or an alum. Why am I in your system?
PLNU uses Blackbaud products to manage communications, events, some email updates, and other activities that involve non-donors and non-alums.
How did Blackbaud respond to the incident?
Blackbaud launched its own investigation, which involved law enforcement, and has indicated that its teams were able to identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it.
How did PLNU respond to the incident?
Upon learning about the incident, PLNU commenced an investigation of its own and has taken the following steps:
- We notified potentially affected parties to make you aware of this breach of Blackbaud’s systems so you can remain vigilant;
- We worked with Blackbaud to independently review a copy of the breached data; to understand why there was a delay between finding the breach and notifying PLNU; and to learn what actions Blackbaud is taking to increase its security, monitor potential identity threats as a result of this breach, and ensure the highest levels of privacy;
- PLNU will continue to evaluate its business relationship with Blackbaud based on their responsiveness to this incident as well as their continued enhancements to cybersecurity and privacy protection;
- As part of the University's comprehensive cybersecurity strategy, we have an Information Security program that annually reviews third-party software vendors, such as Blackbaud, for compliance with applicable data security regulations and measures. The most recent review of Blackbaud in February 2020 found compliance with SOC1, SOC2, PCI-DSS, and PCI PA-DSS. This annual review was accelerated and updated in July 2020;
- We do not believe there is a need for our constituents to take any action at this time. As a best practice, we recommend that you promptly report any suspicious activity or suspected identity theft to the proper authorities.
What is Blackbaud doing?
As part of ongoing efforts, Blackbaud has already implemented several changes to protect your data from any subsequent incidents. Its teams identified the vulnerability associated with this incident and took action to fix it. Blackbaud has tested its fix with multiple third parties, including the appropriate platform vendors, and assured PLNU that the fix withstands all known cyberattack tactics.
What can you do?
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities. The FTC may be reached at www.ftc.gov/idtheft or by calling 1-877-ID-THEFT (1-877-438-4338). You may also mail the FTC at Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. You can also contact the national credit reporting agencies at:
What is a ransomware attack?
Ransomware is a type of specialized computer virus, or malicious software, that is installed without the end user’s permission or knowledge. It locks and encrypts data on a computer to prevent the user from regaining access to their data until a ransom is paid.
What if I have more questions?
We sincerely apologize for this incident and regret any inconvenience it may cause you. Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact PLNU at 619-849-2288 or BlackbaudQuestions@pointloma.edu.