RISD Announces College Has Been Hacked -- Data Breach and Attempted Ransomeware Attack
GoLocalProv News Team
RISD Announces College Has Been Hacked -- Data Breach and Attempted Ransomeware Attack
According to RISD officials, credit card information and social security numbers were not compromised.
"Please be assured that RISD does not store credit card, banking information, or social security numbers in the Blackbaud environment, and therefore those data were not involved in the incident," said RISD in an email.
GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLASTBut, fundraising information, as well as students' and graduates' demographic data, was hacked. "Compromised files may have included constituents’ demographics, their degree information, RISD affiliations, RISD Museum memberships, and other data internal to RISD and the museum’s fundraising and engagement activities, such as event participation, notes from meetings, donor prospect ratings, and philanthropic giving history," said RISD.
READ RISD'S LETTER
Dear RISD Community,
We are writing to let you know about a data security incident at an outside vendor that may have involved some of your personal information. RISD’s Division of Institutional Engagement and the RISD Museum have a contractual relationship with Blackbaud, a widely used software service provider for engagement and fundraising offices in higher education and nonprofits. Blackbaud recently experienced a ransomware attack and informed us at the end of last week that RISD is among the affected institutions. Blackbaud has more than 35,000 clients around the world; as of today, RISD has identified 160 other institutions around the country that have been affected.
Please be assured that RISD does not store credit card, banking information, or social security numbers in the Blackbaud environment, and therefore those data were not involved in the incident.
RISD takes the protection and proper use of your information very seriously. We are contacting you as a precautionary measure to share what Blackbaud has told its customers about the incident.
What Happened
RISD was notified by Blackbaud of the incident on July 16 and received additional information from the company on July 17. At this time, we understand from Blackbaud that there was an attempted “ransomware” incursion into their systems beginning on February 7 and continuing until May 20. Prior to being locked out, the cybercriminal reportedly removed a copy of some Blackbaud customer backup files that may have contained personal information (other than credit card, bank account, and social security numbers). Blackbaud reports that, after discovering the attack, their Cyber Security team—together with independent forensics experts and law enforcement—successfully blocked the cybercriminal from encrypting files and making them inaccessible, and that they prevented the files from being disseminated. According to Blackbaud, the company paid a ransom for confirmation that the backup file was permanently destroyed. More information about the incident can be found here.
What Information Was Involved
As noted above: the cybercriminal did not access your credit card, banking information, or social security number because RISD does not store that data in the Blackbaud databases. However, Blackbaud has ascertained that the compromised files may have included constituents’ demographics, their degree information, RISD affiliations, RISD Museum memberships, and other data internal to RISD and the museum’s fundraising and engagement activities, such as event participation, notes from meetings, donor prospect ratings, and philanthropic giving history.
Based on the nature of the incident, their research, and third-party (including law enforcement) investigation, Blackbaud states that it has no reason to believe that any data went beyond the cybercriminal, was misused, or will be disseminated or otherwise made available publicly. Nevertheless, the company has hired a third-party security service to monitor for such activity indefinitely.
Blackbaud’s Remediation Efforts
As part of its ongoing efforts to help prevent something like this from happening in the future, Blackbaud has affirmed to RISD that it has already implemented changes to protect its system from any subsequent incidents: They have identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and taken actions to fix it. They have also confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics. Additionally, they are accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint, and network-based platforms.
For More Information
We sincerely apologize for this incident and regret any inconvenience it may cause you. RISD remains in regular contact with Blackbaud regarding the details of this incident, and we are continuing to monitor their response. As more detailed information about the incident becomes available, we will follow up with anyone we believe may have been directly affected.
If you have any immediate concerns or questions, please contact us at [email protected].
Sincerely,
Rick Mickool
RISD Chief Information Officer
O’Neil Outar
RISD Vice President for Institutional Engagement
Amee Spondike
RISD Museum Deputy Director, Development & External Affairs