Blackbaud Data Breach Notification (September 8, 2020 - 2:05 PM)

Dear University of Bridgeport Community Members,

We are writing to inform you that the University of Bridgeport (UB) was recently notified about a data security incident that may have involved your personal information. Please know UB takes the protection and proper use of your information very seriously. We are therefore contacting you to explain the incident and provide you with additional steps.


What Happened:

Our third-party service provider Blackbaud – a cloud computing provider that serves the social good community whose products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and educational administration – experienced a ransomware attack and informed us that the University of Bridgeport was one of the many institutions affected.

After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement— successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of UB’s backup file with Blackbaud containing your personal information. For additional insight regarding this incident please visit https://www.blackbaud.com/securityincident.


What Information Was Involved:

It is important you know to be PCI Compliant the University of Bridgeport does not store credit card information, financial account information, social security numbers, or passwords within our database and was not accessed or compromised by the cybercriminal. However, Blackbaud has determined that the file removed may have contained other data such as contact information, demographic information, relationship records, and/or giving history. Because protecting customers’ data is a top priority, Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, they have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.


What We Are Doing:

As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents. Its teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, they are accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint, and network-based platforms.


What You Can Do:

We do not believe it is necessary for you to take any further action at this time. As always, we recommend you remain vigilant and promptly report any suspicious activity to the proper law enforcement authorities.  Equifax   TransUnion   Experian


Your Appreciation To UB:

Your friendship with the University of Bridgeport is of utmost importance to us. We are working regularly with Blackbaud regarding this incident and will be monitoring the situation carefully.

Please accept our sincere apologies for any inconvenience this may have caused you.


Sincerely,
Ryan Zapolski
Interim Director of Advancement

Type: Security
Priority: Moderate