CHAPEL HILL, NC – The University of North Carolina System has been notified of a ransomware attack on Blackbaud, a private company contracted to provide constituent relationship management services for the UNC System and several constituent institutions.
On July 16, Blackbaud informed the UNC System Office that the company discovered in May that it had been the victim of a ransomware attack. Blackbaud is one of the world’s largest providers of constituent relationship management systems, and this incident has impacted higher education institutions, as well as other foundations, health care organizations and non-profit organizations around the world.
After investigating the matter, Blackbaud found that the intruders removed a copy of a subset of information relevant to several of Blackbaud’s customers. According to Blackbaud, encrypted data, including Social Security numbers, bank account, and payment card information to the extent any such data was involved, was not readable by the intruders. Information that may have been available to the intruders includes donors’ names, physical addresses, birthdays, giving history, phone numbers, and e-mail addresses. According to Blackbaud’s communication, they have reason to believe that the intruders no longer have access to the data and did not pass the data on to anyone else.
We will continue to seek additional information from Blackbaud to determine the full extent and impact of this incident.