The information below relates to a data security incident involving Blackbaud, Inc., a service provider of the St. Petersburg College Foundation. Our organization takes our data protection responsibilities very seriously. We have launched our own investigation and further details are below.
On July 17, 2020, we were contacted by a Blackbaud representative and informed that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack. However, the cybercriminal was able to remove a copy of a subset of several of their client’s data. Thisincluded a subset of St. Petersburg College Foundation data used for donor prospect research.
We would like to reassure our constituents that a detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts.
Blackbaud has confirmed that the investigation found that no encrypted information, such as Social Security numbers and bank account information or passwords, was accessible. Blackbaud also confirmed that no credit or debit card information was part of the data theft.
The St. Petersburg College Foundation data accessed by the cybercriminal in the Blackbaud database may have contained primarily demographic data in nature: name, address, contact information, email, birthday, degrees obtained at SPC, board service and philanthropic giving history.
What actions were taken by Blackbaud?
We have been informed by Blackbaud that in order to protect constituent’s data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that it has received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud has been monitoring the web in an effort to verify the data accessed by the cybercriminal has not been misused. Blackbaud has also hired a third-party team of experts to continue monitoring for any such activity. For additional information about Blackbaud’s response, please visit www.blackbaud.com/securityincident.
The College and Foundation takes the protection and proper use of our donors and partners information very seriously. We do not believe there is a need for our constituents to take any action at this time. As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.
We value your trust in the College and sincerely apologize for any concern or inconvenience this incident may have caused. Please do not hesitate to reach out to us at email@example.com with any questions or concerns you may have.