“Majority” of alumni and donors affected in May ransomware attack
Blackbaud won’t tell the university, or The George-Anne, how many people were affected in the hack
October 20, 2020
STATESBORO — Following an attack on a Georgia Southern software vendor, Blackbaud, in May, GS says a “majority” of alumni and donors had their names, social security numbers and donor profiles stolen.
According to a letter sent to those affected, the hackers took a backup of the data Blackbaud stored and attempted to encrypt the files to force Blackbaud to pay the ransom. They did and received confirmation that the hacked files were destroyed.
“There is no reason to believe any data was or will be disseminated, misused or otherwise made available publicly,” wrote Trip Addison, vice president of university advancement in a letter sent to those affected.
In response, GS has removed all social security numbers from Blackbaud’s database and Blackbaud has since identified the vulnerability and fixed it.
The university is unaware of how many people were affected through this hack, according to Jennifer Wise, director of communications. All GS knows is that it affected the “majority” of alumni and donors.
In an email to The George-Anne, Blackbaud wouldn’t say how many people were affected in the hack citing the privacy of their customers.
Blackbaud sent links to a statement on their website, three articles from The NonProfit Times (which can be found here, here and here) and said they wouldn’t comment further.
GS says anyone who received the letter should read it carefully, follow the instructions and call the number listed should they have any questions.
GS has also provided identity monitoring services for one year for all affected. That service includes credit monitoring, fraud consultation and identity theft restoration.