Blackbaud, the alumni and donor engagement management service used by Pomona College, experienced a ransomware attack that compromised personal information of Pomona alumni, parents and students this past spring.
According to a Sept. 21 email to alumni, a cybercriminal infiltrated Blackbaud systems Feb. 7 and retained access until May 20, when Blackbaud discovered and stopped a ransomware attack. Blackbaud notified Pomona of the attack July 16. The Sept. 21 email was the first public notice from the college about the attack, but information about a Blackbaud security incident was released on the service’s website in July.
According to Blackbaud’s website, the cybercriminal was expelled from the system but not before removing a copy of “a subset of data” from Blackbaud’s databases.
Blackbaud then “paid the cybercriminal’s demand” for confirmation that the data they removed had been destroyed, according to the service’s website. Blackbaud did not specify the demand paid. Based on consultation with forensic experts and law enforcement, Blackbaud does not believe any stolen data was or will be misused or made available to the public.
The college’s analysis of the stolen data revealed that information about current students, past students and parents of students was included in the database. The file had demographic data, including birth dates and class years, as well as “philanthropic giving history,” Vice President for Advancement Maria Watson said via email to alumni.
Watson said no debit card information, credit card information, bank account information or social security numbers were impacted.
The college began working with Blackbaud immediately after being notified of the incident, according to Cole Maddox, Pomona’s chief information security officer.
“As this was not an internal system that Pomona managed or maintained, we relied on Blackbaud to provide the information about the breach. After many weeks of effort, Blackbaud provided Pomona a copy of the database,” Maddox said in an email to TSL. “Once we completed reviewing the data, we determined our legal responsibilities and requirements and sent the notice to the community.”
According to Watson, Blackbaud has taken steps to permanently destroy the stolen copy of the backup file and has implemented changes to protect its system from future breaches.
Pomona assured alumni in the Sept. 21 email that the college remains in regular contact with Blackbaud and is continuing to monitor its response.
No action on behalf of Pomona alumni is required at the moment.
“This is the first time an incident like this has occurred with Blackbaud,” Maddox said. “Out of an abundance of caution, we wanted to be sure the community was aware of the breach to take precautions of their own.”