We received a notice from one of our vendors about a data security incident that may have involved the personal information of our donors. Craven Community College Foundation takes the protection and proper use of our donor’s information very seriously. We are therefore posting the following notice that was emailed to all of our donors to explain the incident and provide them with steps they can take to protect themselves.
WHAT HAPPENED?
Blackbaud, Inc., one of the world’s largest providers of education administration, fundraising, and relationship management software service providers, suffered a ransom attack that compromised certain personal information stored by Blackbaud. Numerous colleges, universities, foundations, and other non-profits across the U.S., U.K., and Canada were affected. We were recently notified that Craven Community College Foundation is among those affected.
WHAT INFORMATION WAS INVOLVED?
We use the Blackbaud products to assist with maintaining constituent relationships and analyzing fundraising efforts. The type of information potentially accessed during the incident includes publicly available information such as donor names, addresses, birthdates, and/or giving history.
It is important to note that sensitive information such as social security numbers, bank account numbers, and credit card information was not accessed during the incident.
WHAT ARE WE DOING?
Ensuring the safety of our donor’s data is of the utmost importance to us. Upon learning of this incident, we began our own investigation to determine the scope of the incident and how it may affect our donor community.
As part of its ongoing remediation efforts, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents. According to Blackbaud, its teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. It has confirmed through testing by multiple third parties, including the appropriate platform vendors, that its fix withstands all known attack tactics. Additionally, we understand that Blackbaud and law enforcement continue to investigate this incident and that Blackbaud has hired a third party consultant to monitor the web and dark web to track and report if any of the information obtained by the intruders is disseminated.
Based on these investigations and ongoing monitoring, Blackbaud has stated that it has no reason to believe that any data went beyond the cybercriminal, was misused, or will be disseminated or otherwise made available.
WHAT CAN YOU DO?
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities. You are also encouraged to review your account statements and utilize free credit reporting services.
WANT MORE INFORMATION?
If you have any immediate concerns or questions regarding this matter, please do not hesitate to contact Charles Wethington at 252-638-7250 or wethingc@cravencc.edu.
We deeply regret any inconvenience this incident has caused. Please be assured that we take the protection of your information very seriously and are grateful for your continued support.