Blackbaud Data Security Incident
The safety and security of personal information related to our alumni, donors and friends is of the utmost importance to the Eastern Michigan University Foundation. That is why we are posting this notification related to a data security incident that took place at a third-party data management vendor that the EMU Foundation uses to manage information related to our constituents.
On July 16, we were contacted by Blackbaud to inform us of a data security incident that occurred between February and May 2020, which impacted hundreds of their clients worldwide. In May 2020, Blackbaud discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, Blackbaud’s Cyber Security team – together with independent forensics experts and law enforcement – successfully prevented the cybercriminal from blocking their system access and ultimately expelled them from their system.
Prior to locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from their systems. Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, Blackbaud’s research, and third party (including law enforcement) investigation, Blackbaud has no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly. Blackbaud has ongoing monitoring procedures in place to identify future potential misuse or dissemination of the data.
Please note that the EMU Foundation does not store credit card information or bank account information in our database. Any social security numbers we may have are encrypted in the backup and therefore unreadable. The information that may have been exposed includes:
- Public information such as names, titles, dates of birth and spouse names
- Address and contact information such as phone numbers and email addresses
- Philanthropic interests, giving capacity and giving history to EMU
- Educational attainment
Based on the information we have received from Blackbaud and our own analysis of the incident, at this time we believe that the information that may have been compromised presents little to no threat to the security of your personally protected information.
Security incidents are becoming more common especially as our society is driven to more online activity. We recommend that you continue to take precautionary measures to protect your personal information, including:
- Being aware of Phishing and Spear Phishing emails;
- Knowing about other Common Threatsand Cyber Security Awareness;
- Using strong passwords;
- Leveraging two-factor password authentication on devices and accounts whenever possible;
- Deleting files and data when you are done using them; and
- Pulling a free credit report annually. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months:
- TransUnion: 1.800.680.7289; transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
- Equifax: 1.800.525.6285; equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
- Experian: 1.888.EXPERIAN (397.3742); experian.com; P.O. Box 9554, Allen, TX 75013
For more information on this security incident, you may visit https://www.blackbaud.com/securityincident for a more detailed description of the incident and of Blackbaud’s response. In reference to such, the EMU Foundation was not one of the customers identified by Blackbaud the week of September 27, 2020 regarding unencrypted sensitive data fields.
We are deeply sorry for the inconvenience and unnecessary concern this event might cause. Please be assured that we take all appropriate measures to protect your personal information and are always grateful for your continued support of Eastern Michigan University, its students and community.