Blackbaud Information Security Incident

The information below relates to an information security incident involving Blackbaud, a service provider for the University of North Carolina System Office. Our organization takes our information protection responsibilities very seriously.

Several UNC System institutions that are clients of Blackbaud were impacted by this incident to varying degrees. Each affected institution is currently assessing the impact, if any, on its specific data. 

If you have concerns or questions, you may reach out to that institution to find out more information.

Blackbaud has posted some additional detail on their website.

The Incident

On July 16, 2020, we were notified by Blackbaud, one of the world’s largest providers of constituent relationship management systems for the higher education sector, that the company had discovered an information security incident in May 2020. Blackbaud representatives informed us that their self-hosted data environment had been the victim of a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking organizations out of their own data and servers. Blackbaud expelled the intruders, but not before the intruders were able to remove a copy of a subset of constituent information. 

What information was involved?

The information available to the intruders in the Blackbaud database may have contained some of the following information:

  • Some information that is often available publicly, such as name, title, date of birth, spouse
  • Addresses and contact details such as phone numbers and e-mail addresses
  • Philanthropic interests, giving capacity and summary giving history to UNC System institutions
  • Educational attainment

Blackbaud indicated that information Blackbaud had encrypted, such as Social Security numbers, bank account informationor payment card information, was not readable by the intruders

What actions were taken by Blackbaud?

Blackbaud has indicated that, in order to protect constituents’ information and reduce potential identity theft risk, it met the intruders’ ransomware demand. Blackbaud received assurances from the intruders and third-party experts that any stolen information was destroyed. Blackbaud has also been monitoring the web for any potentially related nefarious activity. 

Steps we have taken in response

After we were informed by Blackbaud, we immediately launched our own investigations and have taken the following steps:

  • We are working with Blackbaud to understand more thoroughly what occurred so that we may reduce the likelihood of such incidents in the future.
  • We are collaborating with our higher education peers so that we may work together to avoid similar incidents within our vendor community in the future.
  • We are evaluating the incident across all channels to determine what action may be needed. 

For questions related to this matter, contact Blake MacIver, assistant vice president for Development Strategy and Operations, University Advancement, at bcmaciver@northcarolina.edu or call (919) 843-6780.

We will continue to seek additional information from Blackbaud to determine the full extent and impact of this incident. We very much regret the inconvenience that this incident may have caused. Please be assured that we take information protection very seriously and are grateful for your continued support.