Updated August 10, 2020 - 7:43 pm
A data security breach at a third-party vendor contracted by the UNLV Foundation may have compromised the personal information of donors, according to a letter sent Monday to donors.
The ransomware attack on Blackbaud — a provider of data services in the academic sector — began around Feb. 7 and “potentially continued” through May 20, when the breach was discovered, according to the notification. As many as several hundred organizations worldwide were affected, and UNLV Foundation was notified on July 16.
In the breach, a copy of a backup file containing personal data was removed. Donors’ Social Security numbers or financial data were not compromised, the notification states, though “investigators have determined that the file removed may have contained contact information, demographic information, and a history of donor relationships to UNLV, such as donation dates and amounts.”
Investigators and law enforcement officials “have reason to believe that data was not misused, disseminated, or otherwise made available publicly,” but as a precautionary measure, according to the notification, Blackbaud has hired a specialized team to continue to monitor the situation.
In a statement, Blackbaud said: “The Cybercrime industry represents an over trillion-dollar industry that is ever-changing and growing all the time — a threat to all companies around the world. Like many in our industry, Blackbaud encounters millions of attacks each month, and our expert Cybersecurity team successfully defends against those attacks while constantly studying the landscape to stay ahead of this sophisticated criminal industry.”
The foundation, which declined to comment Monday, said further action by donors is not required. More information and ongoing updates can be found at www.engage.unlv.edu/blackbaud.