University of New Haven Response to Blackbaud Data Breach
On Thursday, July 16, 2020, the University of New Haven received notification from Blackbaud of a ransomware attack which occurred in May of 2020. The cybercriminal removed data for the purpose of extorting funds from Blackbaud, one of the world’s largest providers of education administration and fundraising software for non-profits.
We want you to know that the compromised database did not contain any credit card information, or other personally identifiable information such as bank account information, usernames, passwords, or social security numbers. None of this information is kept in the University’s Blackbaud system, either encrypted or otherwise, so it was not part of the data breach.
However, Blackbaud has determined that the backup files removed before the attacker was locked out may have contained your contact information, demographic information, and a history of your relationship with the University of New Haven, such as donation dates and amounts.
Blackbaud complied with the cybercriminal’s demand, receiving confirmation that the data copy that was removed had been destroyed. Based on their investigation, Blackbaud and law enforcement officials believe that no data went beyond the cybercriminal. Nonetheless, they have hired a third-party team of experts to monitor the dark web as an extra precautionary measure. The University is working closely with Blackbaud to mitigate any further risk of exposure and will continue to deploy security-monitoring technologies aimed at malicious attempts to access information.
If you have questions concerning this unauthorized access of data, please contact Darcy Turner, Executive Director of Advancement Services at DaTurner@newhaven.edu. You may also wish to view Blackbaud’s communication about this event at https://www.blackbaud.com/securityincident.
Thank you.