Statement on Blackbaud Data Security Incident
On July 16, the University of Missouri-Kansas City, was notified by a third-party vendor, Blackbaud, that the company was involved in a data security incident in May 2020. Blackbaud provides cloud-based services to thousands of schools, hospitals, and other non-profits.
Once Blackbaud discovered it had been a victim of a ransomware attack on its network, it launched an investigation with the assistance of law enforcement and independent digital forensics experts. Blackbaud paid the ransom and retrieved and destroyed the files.
Blackbaud has assured UMKC that no sensitive financial information from the UMKC Foundation was accessed. The UMKC Foundation does not store Social Security numbers – and bank account numbers, debit/credit card information were not shared with Blackbaud. Data that may have been accessed was information such as names, dates of birth, spouse’s names (where applicable), contact information, and degree information. With the files retrieved and destroyed, Blackbaud said there is no reason to think any data was or will be misused or will be disseminated or otherwise made available publicly. For additional information and Blackbaud’s response, please visit Blackbaud’s website.
UMKC continues to work closely with Blackbaud and the university’s own digital experts to investigate the incident. The security and integrity of data is paramount to this institution.