Incident Overview

Blackbaud, Inc. is a vendor that provides a variety of specialized customer relationship management products to university and nonprofits including many in North Dakota. They recently reported they discovered and addressed a cybersecurity incident that affected many of their customers, including the Minot State University Development Foundation. This incident may have given a third party access to certain Blackbaud client information.

Please be assured that we do NOT store bank account or credit and debit card information, and, therefore, none of this information was part of the incident. Blackbaud has confirmed that the investigation found that no encrypted information, such as Social Security numbers, was accessible.

Blackbaud has engaged third party forensic experts to actively monitor the possible use of this information and to notify individuals upon detection of misuse. No misuse has been reported and we do not believe there is a need for you to take any action at this time. As a best practice, we recommend that you remain vigilant and promptly report to the proper law enforcement authorities any suspicious activity or suspected identity theft. While we do not believe that this incident is reasonably likely to subject affected individuals to a risk of harm, we are providing this notice in an abundance of caution and transparency.

We sincerely apologize for this security incident of our vendor. The Minot State University Development Foundation understands the tremendous responsibility we have to protect the data we hold. Though this occurred with a third party, we are actively and thoroughly reviewing the incident.

We take data protection very seriously and deeply value our continued relationship with Minot State’s dedicated alumni and friends. We remain fully committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We sincerely regret any inconvenience this incident may cause.
Should you have any further questions or concerns regarding this matter, please do not hesitate to contact us foundation@minotstateu.edu or by calling 701.858.3399.

What Happened?

We were recently notified by one of our vendors, Blackbaud Inc., of a security incident in which Blackbaud experienced a ransomware attack. However, prior to being locked out, the cybercriminals removed backup files from Blackbaud’s platform, which hosted data for numerous colleges, universities, health care organizations, foundations, and other non-profit organizations around the world, including the MSU Development Foundation. Blackbaud believes the incident occurred between February and May 2020. Blackbaud discovered the incident in May, conducted an investigation, and notified the Foundation on July 16, 2020.

What Information was Involved?

After a careful review, we have determined that the information removed by the threat actor may have contained some information, which included the name, address and/or date of birth of some MSU stakeholders. Please be assured that we do NOT store bank account or credit and debit card information, and, therefore, none of this information was part of the incident. Blackbaud has confirmed that the investigation found that no encrypted information, such as Social Security numbers, was accessible. Also, Blackbaud worked with law enforcement and third-party experts and informed us that they paid the threat actor.

Risk and Continued Mitigation

At this time, based on the information we have received from Blackbaud, we have no reason to believe that any data will be misused, disseminated, or otherwise made publicly available. Blackbaud indicates that it has hired a third-party team of experts, including a team of forensics accountants, to continue monitoring for any such activity. Unfortunately, these ransomware attacks are becoming more and more common. As a best practice in today’s world of cybercrime, we recommend that everyone remain vigilant, monitor your credit reports and report any suspicious activity or suspected identity theft to the proper law enforcement authorities.

You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free report, please visit www.annualcreditreport.com; or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

What steps has the Minot State University Development Foundation taken in response?

We immediately launched our own investigation and have taken the following steps:

  • We are notifying all affected individuals to make them aware of this incident of Blackbaud’s systems so they can remain vigilant.
  • We assessed the exact impact of the incident on our data and notified affected individuals directly to comply with state-by-state legal obligations.
  • We are working with Blackbaud to understand why there was a delay between it finding the incident and notifying us, as well as what specific actions Blackbaud is taking to increase its security.
  • We are evaluating the scope of our relationship with Blackbaud going forward.