The University of Missouri’s (UM) officials alerted its wealth of donors about a data breach of its four campuses, in line with Blackbaud’s cybersecurity lapses.
Blackbaud is a third-party data management vendor that handles the university’s fundraising software. On Friday, Sept. 4, the university released a statement about the data breach, affecting its four campuses.
According to the statement, it’s only informed of the breach in late July, with hackers gaining access to personal information stored in the software. Blackbaud is responsible for the software for non-profit and educational institutions, but its systems were accessed by hackers.
The university clarified that no credit card numbers, bank information, and Social Security numbers were exposed. Blackbaud isn’t responsible for the payments received by the University of Missouri.
“Data such as names, street addresses, date of births, phone numbers, and email addresses, as well as wealth holdings, and net worth, could have been accessed during this incident,” stated the university.
The Missouri University of Science and Technology in Rolla also issued a statement regarding the breach that could possibly affect its donors. It notified the potentially affected parties about the incident and disclosed that unauthorized access was monitored by the third-party data management vendor.
Blackbaud’s donor management platform was highly affected by the breach, with hackers using ransomware to attack the cloud-based systems. This ransomware helps hackers obtain a copy of Blackbaud’s online data.
Meanwhile, the third-party vendor said it was able to stop the attack before shutting down its system, all the while preventing the breach.
“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed [has] been destroyed. Based on the nature of the incident, our research, and third-party investigation, we have no reason to believe that any data went beyond the cybercriminal,” said Blackbaud.
The software vendor claims no data will be misuse, and everything will be disseminated, otherwise affected individuals will be notified.
The University of Missouri said they also worked with a third-party security company to investigate the matter at hand. Sharing the information to the public and the affected donors is just ‘appropriate’ to be aware of the situation.
In addition to personal names, UM said data acquired could include dates of birth, contact information, degree information, and S&T giving history.