UA FOUNDATION RESPONSE TO RECENT SECURITY INCIDENT INVOLVING BLACKBAUD

The Incident

On Thursday, July 16, 2020, the UA Foundation received notification from Blackbaud of a ransomware attack which occurred in May of 2020. Blackbaud is one of the world’s largest providers of customer relationship management systems and is used by a large majority of non-profits and higher education institutions worldwide. The UA Foundation was one of many organizations impacted by this cybersecurity incident aimed at extorting funds from Blackbaud.

What information was involved?

The UA Foundation does not store any credit card, bank account, or social security information and therefore those data were not involved in the incident.The data potentially accessed on Blackbaud servers may have included biographical and personal contact information, and affiliation with the University of Alaska System, its three universities, their related Alumni Associations, and KUAC. 

Based on its research, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal, and there is no further risk of harm. Blackbaud has hired a third-party team of experts to monitor the web for any misuse of the known data. The UA Foundation is working closely with Blackbaud to mitigate any further risk of exposure and also is working with national experts in data security and privacy.

More information about the incident can be found at Blackbaud’s website

We place the highest priority on the security of personal information, and we understand and share your concerns as members of the UA community. Rest assured that our team is working to learn more, identify ways to mitigate future incidents, and keep you informed. If you have questions concerning this security incident, please contact our dedicated assistance line at 1-844-480-0278 between the hours of 8 a.m. to 5 p.m. Pacific Time or email us at donor-relations@alaska.edu.

 

Frequently Asked Questions

 

What happened?


In mid-July 2020, the University of Alaska received notification from one of its third-party vendors, Blackbaud, of a cyber incident. Blackbaud reported that in May 2020, it experienced a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to investigate. Following its investigation, Blackbaud notified its customers of the incident that occurred. Upon learning of the Blackbaud incident, the Foundation immediately began an investigation to determine how this incident impacts the University of Alaska. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. On or about August 5th, the Foundation received further information from Blackbaud that allowed it to confirm the full scope of the incident as it pertains to the University of Alaska.

 

When did the Foundation discover that this happened?

On July 16, 2020, the Foundation received notice from Blackbaud of a cybersecurity event that occurred on their systems and was discovered in May of 2020. The Foundation immediately began an investigation to determine how this incident impacts the University of Alaska. Based on its investigation and with additional information received from Blackbaud on or around August 5, 2020, the Foundation determined what information may have been present in the system. 

Who is Blackbaud? 

Blackbaud is a cloud computing provider that offers customer relationship management and financial services tools, focusing on the non-profit sector. With the permission of the University of Alaska, the Foundation uses Blackbaud computing services to maintain information on University of Alaska alumni, employees, donors, scholarship awardees, and friends in order to communicate with these constituents and ensure donor funds are properly managed and spent according to donor intent. 

Was information of mine was potentially accessed? 

The UA Foundation does not store any credit card, bank account, or social security information and therefore those data were not involved in this incident. The data potentially accessed on Blackbaud servers may have included biographical and personal contact information, and affiliation with the University of Alaska System, its three universities, their related Alumni Associations, and KUAC. 

Because Blackbaud was not able to confirm if any University of Alaska Foundation information was accessed but could not rule out the possibility of such access, out of an abundance of caution, the Foundation is taking steps to make its community aware of this incident. 

While much of the information stored in Blackbaud was not protected personal information, in the interest of transparency, the Foundation sent an email communication to all those whose information was present in the system for whom it had email address. For a limited number of individuals for whom protected personal information was present in the system, the Foundation mailed written letters to those individuals. That letter includes the specific categories of information that may have been affected by this incident. 

What is the Foundation doing to prevent this from happening again? 

The University of Alaska Foundation moved quickly to investigate the cybersecurity event, respond to this incident, and notify potentially affected individuals. The University of Alaska will work with Blackbaud to evaluate additional measures and safeguards to protect against this type of incident in the future. As part of the Foundation’s ongoing commitment to the security of information, the Foundation is also reviewing and enhancing existing policies and procedures.

Back to Top