Statement on the Blackbaud Data Incident

Aug 07, 2020 12:00 PM

Summary

Below is a synopsis of a security incident experienced by a third-party vendor that the Foundation uses for software and other advancement-related services. It details the event itself, the exposure of university data, and corrective measures taken by the vendor to ensure the safety of customer information.

What Happened

On July 16, 2020, the Foundation was notified of a security incident by Blackbaud, a leading provider of software and cloud solutions for the non-profit industry. Blackbaud was the subject of a ransomware attack in May of this year, in which cybercriminals obtained a copy of data from Blackbaud servers and held it for payment. Ultimately, Blackbaud paid the ransom and was able to verify with the help of third parties (including law enforcement) that the cybercriminals destroyed the data, as per the terms of the ransom. Based on research as well as help from forensic experts, Blackbaud believes the data was not disseminated or made available publicly before being destroyed.

The Foundation utilizes Blackbaud software to record donor engagement and other advancement-related activities. In addition to software, the Foundation and University also utilize Blackbaud services to conduct performance and benchmarking analysis to aid in strategy development. Internally, the Foundation and advancement professionals across the University of Illinois System call the Blackbaud product TED.

Information Impacted

The information exposure incurred by the University of Illinois was limited to aggregate data used in compiling performance and benchmarking reports within the Blackbaud donorCentrics environment. These reports use anonymized data to compile metrics and analysis, such as donor giving trends, retention, and reactivation. As mentioned, this data is anonymized and cannot be traced back to any specific donor, individual, or entity.

There was no exposure of any personally identifiable information of any University of Illinois constituent. Blackbaud has confirmed the breach of personally identifiable information occurred for a subset of hosted customers (those whose servers reside in a Blackbaud data center). Unlike some other institutions that utilize cloud-based solutions, the Foundation hosts our Blackbaud software on-premises in a secure University of Illinois data center, so our unique constituent data was not involved with the attack. Also, Blackbaud has confirmed that no bank account or credit card data was part of the breach.

Corrective Measures

Blackbaud has confirmed that they have already implemented measures to protect their systems from any subsequent incidents. They have identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and have taken the necessary actions to fix it.

Foundation Follow-Up

The Foundation is continuing to work with Blackbaud to better understand the issue, including the client notification process and the steps taken to ensure the safety of customer data going forward.

While no organization is immune to cyber attacks, be assured that the Foundation uses appropriate technical, organizational, and physical data security safeguards to help protect against unauthorized access to, use, or disclosure of information we collect, use, or store. Please direct any additional questions or concerns regarding this incident to cybersecurity@uif.uillinois.edu or (217) 333-0810.