BLACKBAUD DATA SECURITY INCIDENT
The safety and security of your personal information is of paramount importance to MSU. That is why we are writing to inform you of a data security incident that took place at a third-party vendor that MSU uses to assess philanthropic giving to the university and to manage MSU Broad Art Museum memberships.
Sensitive information, such as Social Security numbers, credit card or bank information, was never provided to the vendor and was not compromised. However, we know any information security incident causes concern and we want you to know we are taking appropriate action.
On July 16, we were contacted by Blackbaud, a large service provider of customer relationship management systems for institutions of higher education and nonprofit organizations, informing us of a data security incident from May 2020. The company shared that they were a victim of a ransomware attack in May 2020. While no MSU-owned technology, networks or systems were impacted by this incident, MSU took immediate steps, including sending a letter of demand following a concerning delay in the company’s sharing of important information so that we may be transparent about the incident’s impact to you.
Blackbaud’s data incident impacts current MSU Broad Art Museum members and a historical segment of MSU alumni and donors. The information that may have been exposed includes:
- Public information such as names, titles, dates of birth and spouse names
- Address and contact information such as phone numbers and email addresses
- Philanthropic interests, giving capacity, and summary giving history to MSU
- Educational attainment
Based on the information we have received from the company and our own analysis of the incident, at this time we believe that the information that may have been compromised was largely historical and presents little to no threat to the security of your personally protected information.
As with all information security incidents, we recommend that you continue to take precautionary measures to protect your personal information, including:
- Being aware of the possibility of phishing emails;
- Creating effective passwords;
- Using two-factor password authentication on devices and accounts whenever possible;
- Deleting files and data when you are done using them; and
- Pulling a free credit report annually. You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, or by calling toll-free 877-322-8228.
While MSU has used this vendor over the past several years, we are reevaluating our working relationship with them going forward. Meanwhile, we will continue to investigate this matter further and keep you apprised if there are any changes to the actions we have outlined above.
For more information on this security incident, pages on University Advancement’s and MSU Broad Art Museum’s websites have been established and will be updated as more information becomes available. You may also visit blackbaud.com/securityincident for a more detailed description of the incident and of Blackbaud’s response.
We are deeply sorry for the inconvenience and unnecessary concern this event might cause. Please be assured that we are taking all appropriate measures to protect your personal information and are always grateful for your continued support of our university, its students and our global Spartan community.