Blackbaud Data Breach Notification
Last Updated: October 1, 2020
Rider University has been notified of a security breach at one of our trusted vendors, Blackbaud, Inc., which we use for our constituent database. Blackbaud, a well-respected provider of cloud and data services used by more than 25,000 organizations, including many institutions of higher education in more than 60 countries, informed all of their clients, including Rider, on July 16 that they experienced a data breach in May 2020. A detailed explanation of the incident is available on Blackbaud’s website.
What information was involved?
According to Blackbaud, an incursion into Blackbaud systems began on February 7, 2020 and continued intermittently until May 20, 2020 at which time Blackbaud discovered and stopped the ransomware attack. After discovering the attack, Blackbaud's cybersecurity team, together with independent forensics experts and the FBI, successfully prevented the cybercriminal from fully encrypting their files, and ultimately expelled them from the system.
In May 2020, prior to Blackbaud locking the cybercriminal out, the cybercriminal removed a subset of data stored on Blackbaud's systems, which possibly included a copy of our backup file containing personal information regarding some individuals. While we are working with Blackbaud to fully understand what information is involved, we know that the cybercriminal did not access highly sensitive data. The records we keep on this site include names, addresses, phone numbers, email addresses, and giving history. This database does not contain any Social Security, credit card, or bank account numbers.
What is Rider doing?
Ensuring the privacy and safety of our community’s data is of the utmost importance to us.
Blackbaud has assured us that based on the nature of the incident, additional research, monitoring, and third-party (including law enforcement) investigation, they do not believe that any data went beyond the individual cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
Blackbaud has not advised us of the information that was disclosed. We have been attempting since the date of notification to obtain that information from Blackbaud. Rider will continue to do everything we can to understand the full nature of the breach, details of the incident, and Blackbaud’s remediation plans.
What can you do?
Although we were assured by Blackbaud that there is no evidence that your personal information was retained or will be misused, we recommend that you remain vigilant and report any suspicious activity or suspected identity theft to us and the proper law enforcement authorities.
We apologize for this incident and regret any inconvenience it may cause you.