The Emporia State University Foundation says the personal information of 67,000 alumni was exposed in a data security breach involving Blackbaud Inc., a fundraising service provider for the higher education sector.

Blackbaud fell under a ransomware attack in May 2020, and the perpetrator was able to obtain several sets of data from clients that included a subset of the ESU foundation. To protect the data, Blackbaud met the cybercriminal’s demand and paid a ransom.

The company said it received assurances from the cybercriminal and third-party experts that the data was destroyed.

“Based on the nature of the incident, our research, and third-party investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly,” the company said in a statement.

Blackbaud said it launched a forensic investigation through law enforcement and third-party cybersecurity experts to determine the severity of the breach.

Data obtained from the incident may have included identifying information, addresses and contact details, giving capacity and giving history to the ESU Foundation, a separate entity from the university that receives and invests donations into various programs across campus. The cybercriminal did not obtain any encrypted information, such as Social Security numbers and credit card information, the foundation said.

The ESU Foundation did not consult with law enforcement and does not plan to offer credit monitoring for those affected by the breach.

“We do not believe there is a need for you to take any action at this time,” said Shane Shively, president and CEO of the ESU Foundation, and Jose Feliciano Jr., director of alumni relations for the alumni association, in a letter to alumni. “As a best practice, we recommend that you remain vigilant and promptly report to the proper law enforcement authorities any suspicious activity or suspected identity theft.”

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.