Information About the Blackbaud Security Incident

At Georgia Southern University, we understand the importance of protecting and securing the personal information we maintain. We were recently notified of a security incident that occurred with a vendor, Blackbaud. Those whose information was potentially encompassed by this incident have been notified individually.

Blackbaud is a cloud-based software company that provides services to thousands of schools, hospitals, and other non-profits. On July 16, 2020, Blackbaud notified us that it had discovered an attempted ransomware attack on Blackbaud’s network in May 2020. Blackbaud reported that it conducted an investigation, determined that backup files containing information from its clients had been taken from its network, and an attempt was made to encrypt files to convince Blackbaud to pay a ransom. Blackbaud paid a ransom and obtained confirmation that the files removed from its systems had been destroyed. Blackbaud reported that it has been working with law enforcement. 

Upon learning of the incident from Blackbaud, we conducted our own investigation of the Blackbaud services we use and the information provided by Blackbaud to determine what information was involved in the incident. On September 8, 2020, we determined that the backup files contained certain information pertaining to some individuals. The backup file involved in the Blackbaud incident contained information in fields that may have been viewable to the unauthorized person. 

For more information about this incident, consult the Blackbaud website at Blackbaud.com/SecurityIncident. If you have additional questions, please contact Trip Addison at taddison@georgiasouthern.edu.

Last updated: 10/14/2020