The University of Georgia received notice from our data management software vendor, Blackbaud, of a security incident that occurred between February and May 2020 and affected cloud-hosted systems operated by Blackbaud and used by the University of Georgia Foundation and the Georgia 4-H Foundation.
The university is not the only organization affected by this security incident. Blackbaud is a leading software and service provider for non-profit organizations, foundations, institutes of higher education, and faith communities. Current reports suggest that there are hundreds of institutions like UGA that are impacted by this incident.
According to Blackbaud, no personal data which put donors at increased risk of identity theft were exposed in this security incident (i.e. no credit card information, bank account information, and social security numbers were exposed). Summary information on Blackbaud’s breach is available here.
University of Georgia Foundation
As a result of this incident, a cybercriminal acquired data stored in an external system used by the University of Georgia Foundation for researching prospective donors. These data did not include credit card information, bank account information, or social security numbers. However, the data included name, address, date of birth, contact information, school attended, field of study, and year of graduation for prospective donors. Blackbaud’s investigation (including law enforcement) concluded that the data acquired by the cybercriminal was destroyed and that the data likely will not be misused, disseminated, or made public.
Georgia 4-H Foundation
As a result of this security incident, a cybercriminal acquired data stored in the donor management and financial management platform hosted by Blackbaud and used by the 4-H Foundation. These data did not include any bank account information, credit card numbers, or social security numbers related to donors. Tax ID numbers for vendors to 4-H were involved but were encrypted and rendered unreadable. The data did include names, date of birth, contact information, and dates as well as donation amounts given by Georgia 4-H donors. Blackbaud’s investigation (including law enforcement) concluded that the data acquired by the cybercriminal have been destroyed and that the data likely will not be misused, disseminated, or made public.
What we are doing
The University of Georgia takes the protection and proper use of donors’ information very seriously. It is in detailed conversations with Blackbaud about this serious matter and their handling of data.
We will continue to monitor the situation and may provide updated notifications as new information dictates.
What you can do
The university is posting this notice out of an abundance of caution, and to provide our donors with the opportunity to better protect themselves from cybercrime.
If you think you could have been affected, we advise you to remain vigilant and report any issues you suspect may be related to the Blackbaud data breach to us via the contact information below. If you think you are the victim of a scam or identity theft, report it to the appropriate local law enforcement authorities.
For more information
We apologize for any inconvenience this incident may have caused. If you have further questions or concern, please contact us:
The University of Georgia Foundation – contact via email at firstname.lastname@example.org.
Georgia 4-H Foundation – contact 4-H via email at email@example.com.