Frequently Asked Questions
In mid-July 2020, the University of Alaska received notification from one of its third-party vendors, Blackbaud, of a cyber incident. Blackbaud reported that in May 2020, it experienced a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to investigate. Following its investigation, Blackbaud notified its customers of the incident that occurred. Upon learning of the Blackbaud incident, the Foundation immediately began an investigation to determine how this incident impacts the University of Alaska. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. On or about August 5th, the Foundation received further information from Blackbaud that allowed it to confirm the full scope of the incident as it pertains to the University of Alaska.
When did the Foundation discover that this happened?
On July 16, 2020, the Foundation received notice from Blackbaud of a cybersecurity event that occurred on their systems and was discovered in May of 2020. The Foundation immediately began an investigation to determine how this incident impacts the University of Alaska. Based on its investigation and with additional information received from Blackbaud on or around August 5, 2020, the Foundation determined what information may have been present in the system.
Who is Blackbaud?
Blackbaud is a cloud computing provider that offers customer relationship management and financial services tools, focusing on the non-profit sector. With the permission of the University of Alaska, the Foundation uses Blackbaud computing services to maintain information on University of Alaska alumni, employees, donors, scholarship awardees, and friends in order to communicate with these constituents and ensure donor funds are properly managed and spent according to donor intent.
Was information of mine was potentially accessed?
The UA Foundation does not store any credit card, bank account, or social security information and therefore those data were not involved in this incident. The data potentially accessed on Blackbaud servers may have included biographical and personal contact information, and affiliation with the University of Alaska System, its three universities, their related Alumni Associations, and KUAC.
Because Blackbaud was not able to confirm if any University of Alaska Foundation information was accessed but could not rule out the possibility of such access, out of an abundance of caution, the Foundation is taking steps to make its community aware of this incident.
While much of the information stored in Blackbaud was not protected personal information, in the interest of transparency, the Foundation sent an email communication to all those whose information was present in the system for whom it had email address. For a limited number of individuals for whom protected personal information was present in the system, the Foundation mailed written letters to those individuals. That letter includes the specific categories of information that may have been affected by this incident.
What is the Foundation doing to prevent this from happening again?
The University of Alaska Foundation moved quickly to investigate the cybersecurity event, respond to this incident, and notify potentially affected individuals. The University of Alaska will work with Blackbaud to evaluate additional measures and safeguards to protect against this type of incident in the future. As part of the Foundation’s ongoing commitment to the security of information, the Foundation is also reviewing and enhancing existing policies and procedures.