Dear Clarke Community,
We are writing to inform you about a data security incident that may have involved your personal information. As you may be aware, Blackbaud, an engagement and fundraising software service provider, recently experienced a large-scale data breach. The Clarke University Institutional Advancement Office uses Blackbaud-hosted services and is one of many schools and nonprofits that have been affected in this breach.
While the seriousness of the data breach should not be undervalued, we want to assure you that the Clarke Institutional Advancement Office does not store social security information, credit card numbers, or other private financial information, and therefore, there is not a cause for significant concern in regard to this particular incident.
We also want to assure you that Clarke takes the protection and proper use of your information very seriously. We are contacting you as a precautionary measure to explain the incident and provide you with steps you can take to protect your personal information.
What Information Was Involved
It was determined that the compromised file might have contained demographic data and information pertaining to your relationship with Clarke University, including philanthropic giving history.
Based on the nature of the incident, research from Blackbaud, as well as independent third-party investigations, we have been notified that there is no reason to believe that any data went beyond the particular cybercriminal who instigated the breach. It is unlikely data was or will be made available for misuse. Additionally, Blackbaud has hired a third-party team of experts to continue monitoring for any such activity.
Blackbaud notified us in late July of a data security breach affecting higher education institutions and nonprofits across the United States. This data breach occurred on February 7 and continued until May 20.
Blackbaud informed us that they discovered and stopped a ransomware attack. With the help of independent forensics experts and law enforcement, they successfully prevented the cybercriminal from blocking or encrypting files. During the incident, a backup file containing personal information was compromised. According to Blackbaud, they paid the cybercriminal a ransom to ensure the backup file was permanently destroyed.
What our Service Provider is Doing
Blackbaud’s teams quickly identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. The service provider has confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, our service provider is further enhancing its security protocols. As part of its ongoing efforts to help prevent an incident like this in the future, Blackbaud has already implemented several changes to protect your data.
What You Can Do
We are notifying you so you can take immediate action to protect your personal information. Although there is currently no evidence that your personal information will be misused, we encourage you to review our online resource site at cybersecurity.clarke.edu for guidance on further protecting your personal information.
As a best practice, we recommend that you remain vigilant and promptly report suspicious activity to the proper law enforcement authorities. Should you have any further questions, please contact firstname.lastname@example.org.
We sincerely apologize for this incident and regret any inconvenience it may cause you. We deeply value your relationship with Clarke University and always welcome your concerns and feedback as we move forward.
Vice President for Institutional Advancement