CWU Foundation data breached in security incident

Bailey Tomlinson, News Editor

Blackbaud, the cloud computing and customer relations provider for the CWU Foundation, was targeted by a ransomware attack in May, according to a letter sent to Foundation members on Aug. 11. Credit card and bank account information was not compromised, as it is not stored by the CWU Foundation. Social Security numbers were also unaffected, as they are encrypted.

During this attack, the cybercriminal was able to remove a subset of client data, including that of the Foundation, from Blackbaud’s servers. The Foundation was not made aware of this attack until July 16.

The Foundation data removed by the cybercriminal may have contained names, titles, dates of birth, spousal information, physical addresses, email addresses, phone numbers, philanthropic interests, giving capacity, summary giving history to CWU and education level.  

“Based on the security incident as reported by Blackbaud and the data type of personal information (i.e., names and birthdates) accessed, we do not believe there is a need for constituents to take any action at this time,” the letter said. “As a best practice, we recommend people remain vigilant and promptly report any suspicious activity or suspicious identity theft to proper authorities.” 

The cybercriminal demanded a ransom in exchange for destruction of the stolen data. Blackbaud paid the ransom, according to both the letter and a security report published on Blackbaud’s website. Investigations by law enforcement and a third-party cybersecurity team have not found the data being misused or made public in the past three months.

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” Blackbaud’s website reads.

The letter said the Foundation took several steps after receiving this information, such as notifying constituents of the data breach and working with Blackbaud to further understand the delay between the attack occurring and the Foundation being notified. 

This incident involves several hundred institutions that use Blackbaud, and the Foundation is in communication with other Washington state institutions affected by it, the letter said.

Questions regarding the security incident should be directed to Executive Assistant in University Advancement Estelle Matthews at (509) 963-2848, or [email protected], the letter said.