Blackbaud Security Incident Statement

Updated August 7, 2020

On July 16, 2020, the University at Buffalo Division of University Advancement was notified of a ransomware cyberattack attack on Blackbaud.  Blackbaud is a third-party vendor which provides fundraising support to UB and many other major nonprofit organizations around the country. We understand an estimated 160 institutions were impacted by this attack.

Blackbaud informed UB that the attack had been identified and halted in May 2020.  You can read a description of this incident on the Blackbaud website (https://www.blackbaud.com/securityincident).

Out of an abundance of caution, UB notified all individuals whose data may have been part of this incident. Note that no credit card information, banking information, nor social security numbers were exposed as part of this breach as it is the policy of the Division of University Advancement to not store any type of financial and banking information. Only names and 2012 address and directory information—nearly a decade old at this time, were possibly hacked and obtained by the cybercriminal - It was Blackbaud’s responsibility to delete this old data.

Blackbaud has also reported to the university that, following a lengthy investigation involving law enforcement, there is no reason to believe any of the data was exposed beyond the cybercriminal nor will be misused or made available to others.  Blackbaud has informed UB that the data in question has been destroyed by the hacker.  

Blackbaud has assured UB that they will continue to work diligently to mitigate any further risk of exposure and will continue to deploy security-monitoring technologies aimed at malicious attempts to access their clients’ information. At UB, we take the proper protection and use of your data very seriously, and continually review and implement changes to minimize information security risks.

UB has directed Blackbaud to destroy and remove from its records the UB data that may have been hacked. In our communications with impacted individuals, UB encouraged all individuals whose data may have been part of this breach to remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities. UB also is offering one year of free credit monitoring service to all individuals whose data may have been part of this incident.

Questions concerning this unauthorized access of data or credit monitoring services should be directed to the Division of University Advancement at (716) 881-8904 or BlackbaudQuestions@buffalo.edu.